+ 


ALSO  INSIDE:  Recession  Hits  Older  IT  Workers  Hardest 
Desktop  Virtualizations  Dirty  Little  Secret 


lERWOftLD 

Peer  Perspective.  IT  Leadership.  Business  Results. 


COMPUTERWORLD.COM  |  FEBRUARY  7,  2011 


Building  the  engines  of  a  Smarter  Planet: 


$2.95 


per  5  GB  seat 
per  month* 


How  midsize  businesses  can 
get  ahead  by  backing  up. 

As  the  engines  of  a  Smarter  Planet,  midsize  companies  are  faced  with  exponential  data  growth  in  their  business 
operations.  Losing  information  isn’t  an  option.  Yet  with  tighter  budgets  and  fewer  resources,  midsize  companies 
find  it  difficult  to  maintain  a  reliable  in-house  data  backup  and  recovery  system.  That’s  why  IBM  and  its  Business 
Partners  are  using  the  power  of  the  cloud  to  offer  enterprise-level  data  protection  designed  to  reduce  your  risk  and 
meet  your  budget.  Introducing  cloud-based  backup  from  IBM.  A  smarter  infrastructure  should  help  ensure  that  your 
data  is  continuously  backed  up  in  one  of  IBM’s  150  data  centers  worldwide— so  the  moment  files  are  saved,  they’re 
protected.  Anywhere.  Anytime.  Just  go  on  with  your  business,  and  IBM  will  take  care  of  the  rest.  Here’s  how  it  works: 


Lower  your  total  cost  of  ownership  by  up  to  40%. 

Work  with  an  IBM  Business  Partner  to  compare 
your  in-house  system  to  a  scalable  IBM-managed 
cloud  service  that  avoids  capital  expenditures. 

Enjoy  security-rich,  automated  backup. 

Data  is  backed  up  the  moment  files  are  saved. 


Get  what  you  need,  when  you  need  it.  In  the  cloud, 
your  data  is  readily  available  so  you  can  make  smarter 
business  decisions  and  increase  productivity. 


Free  up  valuable  resources.  95%  of  your  savings 
are  derived  from  focusing  IT  staff  on  more  strategic 
initiatives  instead  of  routine  maintenance,  as  well  as 
reducing  backup  hardware,  software,  and  tape  media. 

IBM  Information  Protection  Services 

managed  backup  cloud 

is  designed  and  priced  with  midsize 
companies  in  mind.  Services  start  at 


Try  cloud-based  backup 
from  IBM  free  for  60  days. 


Midsize  businesses  are  the  engines  of  a  Smarter  Planet. 

To  learn  more  about  services  like  Information  Protection,  connect 
with  a  Business  Partner,  or  get  set  up  now,  call  1-877-IBM-ACCESS  or 
visit  ibm.com/engines/informationprotection 


'Pnc6s  suOiect  Id  change  and  vaM  n  tte  li£  only.  Actual  costs  ary  depend**!  O'  mdMdual  custunef  configurations  and  enwcnment  IBM.  the  IBM  logo;  tnuxxn,  Smarter  Planet  and  Die  planet  con  are  tradBinarHs  of  imernaDonaf  Busress  Macjxres  Corp,  roistered 
ii  many  imsfflcoons  wufBwde  Ottw  pro&Et  and  service  names  nwjfit  tie  tradewKs  at  IBM  or  off**  companes  A  current  fet  of  I8M  tradenurts  6  3&&M  on  me  Wefi  a  (iftwwtirnccnileQat'iMpylrailas^  6  rtematcna  Busnas  Macflnes  Corporatai  20X1 


THIS  ISSUE  I  02.07.2011  [  VOL.  45,  NO.  3  $5/C0PY  ] 


COVER  STORY 


Grow  Your  Own  CIO 

14  Internal  executive  development  programs  like  Clearwire’s  CIO  University  can  nurture 
up-and-coming  IT  leaders  while  tackling  real  problems  facing  the  company. 


Confusion  Reigns 

20  Software  licensing  for  desktop 
virtualization  is  complex.  Even  vendors 
struggle  with  it. 


Calculated  Risk 

24  CIOs  are  getting  better  at  quantifying  the  potential 
impact  of  business  disruptions,  and  that’s  helping  them 
score  more  funding  for  disaster-recovery  projects. 


HEADS  UP  I  3  Aussie  IT 
pros  donate  computers  to 
flood  victims.  I  NYC  workers 
get  a  virtual  suggestion  box.  | 
4  A  tax  break  could  cause  a  spike 
in  IT  purchases.  I  Hackers 
rediscover  the  Telnet  port. 

NEWS  ANALYSIS 
6  Older  IT  workers  face 
tough  post-recession  job 


prospects.  I  7  IT  shops 
everywhere  should  prep  for 

Internet  shutdowns  like  the 
one  in  Egypt. 

OPINIONS  |  12  Thornton 

May  sees  similarities  between 
the  expectations  New  England 
fans  had  for  the  Patriots  and 
the  expectations  users  have 

for  IT.  I  32  Frank  Hayes 


isn’t  terribly  surprised  that 
the  cloud  isn’t  secure  -  it’s 
just  like  everything  else. 

DEPARTMENTS 
2  Reader  Feedback  I  8  The 
Grill:  Humanitarian  and  IT 
leader  David  Edelstein.  I 

27  Security  Manager’s 
Journal  I  28  Career 
Watch  |  31  Shark  Tank 


IIIIIIIMIIIIIM  FOR  BREAKING  NEWS,  VISIT  COMPUTERWORLD.COM  1111111111111111 


It  s  about 


people  feel  a 
real  sense  of 
investment  in 
their  career. 

- 

go.  c i  f  :  .  ; 

TO E f\'i l ; N : C A  iTO'N S  G.O. 
iN^GRowjYdtfR  qv4  ’ 

CIO.":  PAGE  14  W 


0  FOTOLIA  /  STEPHEN  COBURN 


READER  FEEDBACK 


LETTER  TO  THE  EDITOR 

A  Free  Market,  Not 
Government,  Drives 
U.S.  innovation 

If  Patrick  Thibodeau’s  analysis  is  to 
be  believed,  the  U.S.  reached  its  domi¬ 
nant  position  in  tech  pri¬ 
marily  through  govern¬ 
ment  support,  and  it  will 
take  more  of  the  same 
to  maintain  superiority 
over  China  [“How  China 
Will  Eat  the  U.S.’s  Tech 
Lunch,”  Back  Page,  Dec.  6,  2010]. 

The  evidence  is  quite  to  the  contrary. 
Free  enterprise,  the  profit  motive 
and  unfettered  markets  encouraged 


people  like  Bill  Gates  and  Steve  Jobs 
to  innovate  —  and  rewarded  them  for 
having  the  best  ideas.  By  positing  that 
a  “harshly  conservative  Congress”  will 
hurt  innovation  by  reducing  regula¬ 
tion,  and  by  making  a  non  sequitur 
argument  about  clean  energy,  Mr. 
Thibodeau  exposes  what  is  really 
behind  this  —  that 
only  he  and  those  who 
are  like-minded  are 
wise  enough  to  direct 
U.S.  tech  investment 
and  thereby  divert 
funds  from  such  trivial 
matters  as  national  defense. 

John  E.  Sircy,  president, 

Henry  A.  Fetter  Supply  Co., 

Paducah,  Ky. 


JOIN  IN! 

You  can  comment 
directly  on  our  stories,  at 

computerworld.com. 


CLARIFICATION 

Bart  Perkins’  Jan.  10  opinion  column, 
“Disappearing  CIOs,”  implied  that  there 
is  a  current  trend  for  large  corporations  to  do 
away  with  the  CIO  position,  but  the  evidence 
does  not  support  the  existence  of  such  a  trend. 


|jg  % ;;  I  fll 

CORRECTION 

A  photo  caption  in  the  News  Analysis 
section  of  the  July  12, 2010,  issue  of 
Computerworld  incorrectly  identified  the 
Indiana  state  capitol  building  as  Indianapolis 
City  Hall. 


COMPUTERWORLD 

P.O.  Box  9171 

492  Old  Connecticut  Path 

Framingham,  MA  01701 

508-879-0700 

ComputerworMxom 

»  EDITORIAL 

Editor  in  Chief 

Scot  Finnie 

Executive  Editors 

Mitch  Betts.  Julia  King  (events) 

Managing  Editors 

Michele  Lee  DeFilippo  (production). 
Sharon  Machlis  (online), 

Ken  Mingis  (news) 

Director  of  Blogs 

Joyce  Carpenter 

Art  Director 

April  Montgomery 

Technologies  Editor 

Johanna  Ambrosio 

Features  Editors 

Valerie  Potter,  Ellen  Fanning  (special 
reports),  Barbara  Krasnoff  (reviews) 

News  Editors 

Mike  Bucken,  Marian  Prokop 

Senior  Editor 

Mike  Barton 

National  Correspondents 

Julia  King,  Robert  L.  Mitchell 

Reporters 

Sharon  Gaudin,  Matt  Hamblen, 
Gregg  Keizer,  Lucas  Mearian,  Patrick 
Thibodeau,  Jaikumar  Vijayan 

Assistant  Managing  Editor 

Bob  Rawson  (production) 

Editorial  Project  Manager 

Mari  Keefe 

Associate  Online  Editor 

Ken  Gagn£ 

Office  Manager 

Linda  Gorgone 

Contributing  Editors 

Jamie  Eckle,  Preston  Gratia. 

Tracy  Mayor 


Find  these  stories  at  computerworld.com/more 


When  Trusted  IT 
People  Go  Bad 

One  rogue  IT  employee 
can  do  more  damage 
than  an  army  of  hackers. 
Here's  how  three 
companies  could  have  better  protected 
themselves,  computerworid.com/s/ 
article/9204581 

2011:  Year  of  the 
Desktop  App  Store? 

Apple’s  Mac  App  Store  is  only  the  latest 
effort  to  make  finding  and  installing  software 


on  your  computer  as  easy  as  it  is  on  your 
smartphone,  computerworld.eom/s/ 
article/9205878 

Three  Personal  VPNs 
Offer  Safer  Wi-Fi 

VPNs-for-hire  can  secure  your  laptop  at 
public  hot  spots,  computerworld.eom/s/ 
article/9205401 

Ongoing  Coverage  on  Egypt 

Keep  up  with  the  latest  news  about  the 
turmoil  in  Egypt  from  a  tech  perspective. 

http://cwrld.us/EgyptCoverage 


»  CONTACTS 

Phone  numbers,  e-mail  addresses 
and  reporters’  beats  are  available 
online  at  Computerworld.com 
(see  Contacts  link  at  the  bottom 
of  the  home  page). 

Letters  to  the  Editor 

Send  to  letters@computerworld. 
com.  Include  an  address  and  phone 
number  for  immediate  verification. 
Letters  will  be  edited  for  brevity 
and  clarity. 

News  tips 

newstips@computerworld.com 

Subscriptions  and  back  issues 

(888)  559-7327.  cw@omeda.com 

Reprlnts/permissioas 

The  YGS  Group.  800-501-9571. 
ext.  180,  computerworld® 
theygsgroup.com 


2  COMPUTERWORLD  FEBRUARY  7.  2011 


Fresh 

Insights 

New 

Trends 

Great 
f  d  e  a  s 


i 


i 


A  flooded  street  in  the  Queensland  city  of  Rockhampton,  Australia,  on  Jan.  5.  The  flood  affected 
more  than  200,000  people  across  an  area  as  large  as  France  and  Germany  combined. 


DISASTER  RECOVERY 

Tech  Staffers  Help  Aussie  Flood  Victims 

( www.qlditrelief.org )  to  streamline  the  dona¬ 
tion  process. 

So  far,  organizations  have  pledged  PCs, 
Macs,  printers  and  multifunction  devices, 
and  networking  equipment,  Benge  said. 

(All  donated  equipment  will  be  refurbished 
before  delivery.)  With  donations  stream¬ 
ing  in,  he  said,  the  relief  group  now  needs 
logistics  equipment,  such  as  palettes,  to  help 
transport  the  goods  to  Brisbane,  Queens¬ 
land’s  capital. 

Datacom  also  is  seeking  IT 
professionals  who  can  volunteer  to 
help  clean,  repair  or  rebuild  flooded 
equipment.  The  Queensland  University  of 
Technology  is  providing  assistance  for  the 
project,  with  staff  and  students  pledging 
their  time  as  volunteers. 

-  Lisa  Banks,  Computerworld  Australia 


COMPUTERWORLD.COM 


STEAL  THIS  IDEA 

NYC  Provides 
Online  Forum 
For  Staff  Ideas 

New  York  City  has  set  up  a  virtual 
suggestion  box,  called  IdeaMarket, 
where  city  employees  can  offer 
their  ideas  about  how  to  improve 
operations  and  save  money. 

Where  IdeaMarket  differs  from 
the  typical  suggestion  box  is  that 
the  employees  themselves  can  vote 
on  which  ideas  they  feel  are  best, 
and  post  comments  about  how  to 
improve  the  ideas. 

The  city’s  management,  in  turn, 
will  consider  the  highest-ranked 
suggestions  for  possible  implemen¬ 
tation.  Even  as  a  small  pilot  project, 
the  IdeaMarket  has  generated 
some  ideas  that  have  already  been 
adopted,  including  a  suggestion  to 
invest  in  videoconferencing  to  cut 
down  on  intracity  travel. 

Pleasanton,  Calif.-based  Spigit 
Inc.  provides  the  collaborative  filter¬ 
ing  software  for  IdeaMarket  as  a 
hosted  service. 

New  York  Mayor  Michael 
Bloomberg,  in  his  recent  State  of 
the  City  address,  praised  the  project 
and  suggested  that  he  might  open 
the  service  to  New  York  residents  as 
well.  “This  kind  of  open  call  for  ideas 
-  or  ‘crowdsourcing,’  as  it’s  called  - 
has  helped  cutting-edge  companies 

_  like  Facebook  and 

Netflix  improve 
services  and  save 
money,"  he  said. 
“And  with  more  than  8.4  million 
people  in  our  crowd,  imagine  what 
we  can  come  up  with." 

-  JOAB  JACKSON, 
IDG  NEWS  SERVICE 


AUSTRALIA’S  IT  community  has 

banded  together  to  donate  surplus 
computer  equipment  to  schools  and 
small  businesses  affected  by  last 
month’s  flooding  in  the  state  of  Queensland. 

The  Queensland  IT  Flood  Relief  program 
was  established  by  Datacom  Group  Ltd. 
employee  Lewis  Benge,  who  saw  the  poten¬ 
tial  for  one  company’s  IT  trash  to  become 
treasure  for  Queenslanders  who  had  lost 
everything  in  the  raging  waters. 

“I  was  sitting  in  my  office  and  staring  at 
a  whole  bunch  of  computers  that  were  just 
about  to  be  chucked  out,”  Benge  said.  “I  was 
thinking,  all  of  these  guys  in  Queensland 
have  had  their  computers  literally  washed 
down  the  river,  and  we  could  help  them  out.” 

After  the  news  of  Benge’s  donations  went 
viral  on  Twitter,  he  established  a  Web  site 


COMPUTERWORLD.COM  3 


HEADS  UP 


Micro 

Burst 


BETWEEN  THE  LINES 

By  John  Klossner 


jklossner.com 


I  (5><S"wrt'I4 


'hi  i 


fl 

B 

Q 

S) 

u 

&&<3> 

1 

c*o>0 

1 

I 

900 

WASHINGTON  WATCH 

Tax  Law  May  Accelerate  IT  Purchases 


A  SO-CALLED  100%  bonus  depre¬ 
ciation  tax  benefit  approved  by  the 
U.S.  Congress  in  December  may 
encourage  IT  managers  to  buy  new 
equipment  before  the  tax  break  expires  at  the 
end  of  this  year. 

The  tax  benefit,  part  of  Congress’  tax-cut 
bill,  was  made  retroactive  to  Sept.  8,  the  day 
President  Barack  Obama  pitched  the  idea  as  a 
quick  economic  stimulus. 

Greg  Rosica,  a  tax  partner  at  Ernst  &  Young 
LLP,  said  it  normally  takes  up  to  five  years  to 
realize  the  full  tax  benefits  from  depreciation 
on  new  equipment,  such  as  servers.  But  the 
100%  bonus  depreciation  allows  a  company  to 
take  the  entire  benefit  in  the  first  year. 

The  amount  of  the  tax  benefit  depends 
on  the  type  of  business  and  its  tax  rate.  For 
instance,  a  business  that  pays  the  top  corpo¬ 
rate  tax  rate  of  35%  and  spends  $100,000  on 
new  equipment  can  reduce  its  tax  bill  in  the 
current  year  by  $35,000,  Rosica  said. 

There’s  no  cap  on  the  amount  of  equipment 


that  can  be  depreciated,  but  it  must  be  new. 

Frank  Scavo,  president  of  research  firm 
Computer  Economics  Inc.,  said  the  tax  change 
will  affect  the  timing  of  IT  purchases.  “Buyers 
who  are  looking  out  18  months  now  may  move 
acquisitions  into  2011  to  take  advantage  of  the 
accelerated  depreciation,”  he  said. 

The  tax  benefit’s  relatively  short  window 
“could  create  a  mini-boom  in  new  equipment 
purchases,  perhaps  even  [leading  to]  some 
shortages  of  key  components,”  said  Scavo. 

The  flip  side  of  this  benefit  may  be  a  fall-off 
in  new  purchases  in  2012,  he  said.  “This  is  the 
problem  with  trying  to  fine-tune  tax  treat¬ 
ment;  there  are  almost  always  unintended 
consequences,”  said  Scavo. 

Howard  Hammer,  a  principal  at  account¬ 
ing  firm  Fiske  &  Co.,  said  the  tax  benefit  is 
“going  to  have  a  tremendous  effect”  on  buying. 
“Medium  and  large  corporations  have  been 
stockpiling  cash  for  quite  a  while,  and  I  think 
now  they  are  going  to  jump  on  it,”  he  said. 

-  Patrick  Thibodeau 


Amazon’s  S3  cloud  storage 
service  housed 

262 

billion 

objects  at  year-end  2010. 


SECURITY  MONITOR 

Hackers  Revisit 
Old  Telnet  Port 
For  IT  Attacks 

Hackers  are  increasingly  using  the 
old  Telnet  remote-access  protocol 
to  attack  corporate  servers,  accord¬ 
ing  to  a  report  released  last  month 
by  Akamai  Technologies  Inc. 

The  vendor’s  quarterly  report  on 
global  Internet  traffic  said  that  10% 
of  attacks  that  came  from  mobile 
networks  during  2010’s  third  quarter 
were  directed  at  Port  23,  which 
Telnet  uses.  That  marks  a  somewhat 
unusual  spike  for  the  aging  protocol. 

Telnet  has  been  gradually  re¬ 
placed  by  Secure  Shell,  or  SSH, 
as  a  means  of  accessing  servers 
remotely.  Administrators  are  gener¬ 
ally  advised  to  disable  Telnet  if  the 
protocol  isn’t  being  used,  in  order 
to  prevent  attacks  targeting  it,  but 
some  forget  to  do  so. 

The  report  said  the  attacks  are 
probably  coming  from  malware- 
infected  PCs  connecting  to  wireless 
networks,  not  from  mobile  devices. 

Telnet’s  Port  23  was  “overwhelm¬ 
ingly  the  top  targeted  port  for 
attacks"  in  Egypt,  Peru  and  Turkey, 
Akamai’s  report  said. 

Akamai  found  that  Port  445,  com¬ 
monly  used  for  Microsoft  products, 
was  the  most  targeted  port,  but  the 
attacks  on  the  port  have  declined 
since  the  Conficker  worm  attacked 
it  in  2009. 

-  JEREMY  KIRK. 

IDG,  NEWS  SERVICE 


4  COMPUTERWORLD  FEBRUARY  7.  2011 


Building  the  engines  of  a  Smarter  Planet: 

How  midsize  businesses  get  more  from 
their  data,  while  paying  less  to  store  it. 

On  a  smarter  planet,  information  doesn’t  just  grow— it  evolves.  That’s  why  midsize  businesses  need  a  storage  system 
designed  to  grow  with  both  their  business  and  their  increasingly  complex  information.  Enter  the  IBM®  Storwize® 
V7000,  a  compact  midrange  disk  system  designed  and  priced  for  midsize  companies.  The  IBM  Storwize  V7000 
includes  advanced  features  like  storage  virtualization,  thin  provisioning,  and  automated  tiering  at  no  additional  cost, 
helping  midsize  companies  store  their  data  in  a  way  that’s  simple,  flexible  and  affordable.  Here’s  how: 


Midsize  businesses  are  the  engines  of  a  Smarter  Planet. 

To  learn  more  about  products  like  the  IBM  Storwize  V7000,  connect 
with  an  IBM  Business  Partner  today.  Call  1-877-IBM-ACCESS  or  visit 
ibm.com/engines/storage 


Improve  application  throughput  by  up  to  200%J 

Automated  tiering  moves  frequently  used 
information  to  faster  drives,  which  can  provide 
quicker  search  results  and  lower  costs  for 
storing  data. 


Maximize  the  potential  of  your  infrastructure. 

With  essential  technologies  like  virtualization 
and  thin  provisioning,  you  can  maximize  storage 
potential  without  having  to  choose  between 
performance  and  efficiency. 


Simplify  your  storage  management. 

A  graphical  user  interface  can  simplify  configuration, 
provisioning,  tiering  and  upgrades,  making  users 
more  productive,  resources  better  utilized  and  growth 
easier  to  manage. 


IBM  Storwize  V7000 

A  compact  midrange  disk  system  designed  and 
priced  for  the  growing  needs  of  midsize  companies. 
Starting  at 

per  month  for  36  months. 


$1,250 


1  Based  on  IBM  internal  study.  Actual  results  may  be  different  based  on  storage,  server  and  database  configuration.  Prices  subject  to  change  and  valid  in  the  U.S.  only.  Actual  costs  will  vary  depending  on  individual  customer 
configurations  and  environment.  IBM  Global  Financing  offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  custom¬ 
ers  Rates  are  based  on  a  customer's  credit  rating,  financing  terms,  ottering  type,  equipment  type  and  options,  and  may  vary  by  country.  Other  restrictions  may  apply.  Rates  and  titterings  are  subject  to  change,  extension  or 
withdrawal  without  notice.  IBM,  the  IBM  logo,  ibm.com,  Smarter  Planet,  the  planet  icon  arid  Storwize  are  trademarks  of  International  Business  Machines  Corp.  registered  in  many  jurisdictions  worldwide.  Other  product  and 
service  names  might  be  trademarks  of  IBM  or  other  companies.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/iegavcopytrade .shtml.©  International  Business  Machines  Corporation  2011. 


NEWS  ANALYSIS 


I  think  the 
biggest  risk 


occupations”  jumped  from  6%  to  8.4% 
between  2009  and  2010.  For  women 
55  and  older  pursuing  those  jobs,  the 
unemployment  rate  hit  9.4%  in  2010, 
1.6  percentage  points  higher  than  the 
rate  for  men  in  the  same  age  group. 

At  the  same  time,  the  unemploy¬ 
ment  rate  for  computer  and  math 
workers  ages  25  to  54  dropped  from 
5.1%  in  2009  to  4.5%  in  2010.  (See 
chart  at  http://bit.ly/eBu1WJ3.) 

Four  years  ago,  before  the  eco¬ 
nomic  downturn,  the  jobless  rate  for 
computer  and  math  professionals  was 
3.5%  for  men  55  and  over  and  4.2%  for 
women  in  that  age  group.  The  overall 
rate  for  people  between  the  ages  of  25 
and  54  was  just  1.7%. 

Nanci  Schimizzi,  president  of  the 
mentoring  and  advocacy  group  Women 
in  Technology,  said  jobless  women  50 
or  older  generally  “remain  unemployed 
for  years,  to  the  point  where  many 
have  more  or  less  given  up”  or  changed 


fiPPUWTlMi 

i 


Downturn  Hits  Older 
Tech  Workers  Hardest 

IT  pros  who  are  over  55,  especially  women,  face  long-term 
joblessness.  Cloud  and  healthcare  expertise  are  pluses 
these  days.  By  Patrick  Thibodeau  and  Sharon  Machlis 


in  IT  is  we  tend  to  define 
ourselves  with  the 
technology  we  like,  rather 
than  aligning  ourselves 
with  the  strategies  the 
business  needs. 

IT  DIRECTOR. 

PENNSYLVANIA  STATE  UNIVERSI 1 Y 


UNEMPLOYMENT  RATES  for  older  IT  professionals 

have  increased  faster  than  they  did  for  younger  tech 
workers  since  the  recession  hit  some  three  years  ago, 
according  to  new  U.S.  government  data. 

The  numbers  confirm  what  30-year  IT  veteran 
Maribeth  McIntyre  had  already  suspected. 

Until  McIntyre  lost  a  job  in  2007  at  age  55,  finding  IT  work 
had  “always  been  as  easy  as  can  be,”  she  said.  When  she  became 
unemployed,  she  quickly  started  looking  for  another  job  as  a 
business  system  analyst  and  project  manager. 

The  recession  hadn’t  hit  yet,  and  McIntyre  initially  had  numer¬ 
ous  interviews  that  seemed  promising.  Nonetheless,  it  took  eight 
months  to  land  a  consulting  job.  “I  was  beginning  to  suspect  it 
was  an  age  problem,”  she  said. 

The  recession  ended  McIntyre’s  consulting  job.  She  found 
short-term  contract  work  in  2009  and  then  landed  a  six-month 
assignment  that  recently  ended. 

The  latest  data  from  the  U.S.  Bureau  of  Labor  Statistics  shows 
that  overall  unemployment  in  “computer  and  mathematical 


.  careers. 

Schimizzi  doesn’t  expect  much  im¬ 
provement  in  full-time  job  prospects  for  older  IT  workers  even  as 
the  economy  starts  to  grow.  “I  think  full-time  positions  are  going 
to  be  staffed  from  the  younger  workforce,”  she  said. 

Al  Williams,  a  director  of  IT  at  Pennsylvania  State  University 
and  vice  president  of  independent  IBM  user  group  Share,  said 
workers  over  50  may  concern  corporate  hiring  managers  because 
they  might  resist  change  and  generally  command  higher  salaries 
than  younger  people.  “I  think  the  biggest  risk  in  IT  is  we  tend  to 
define  ourselves  with  the  technology  we  like,  rather  than  aligning 
ourselves  with  the  strategies  the  business  needs,”  said  Williams. 

Todd  Thibodeaux,  president  and  CEO  of  the  Computing  Tech¬ 
nology  Industry  Association,  said  that  older  workers  with  specific 
skills,  mostly  in  cloud  computing  and  electronic  health  systems, 
are  still  in  demand. 

The  age  issue  is  likely  to  gain  importance  because  of  the  sheer 
size  of  the  baby  boom  generation  —  people  born  between  1946  and 
1964,  who  make  up  more  than  25%  of  the  U.S.  population.  A  2010 
federal  government  study  found  that  60%  of  the  IT  workforce  in 
2008  was  made  up  of  people  between  45  and  63  years  of  age.  ♦ 


6  COMPUTERWORLD  FEBRUARY  7.  2011 


BRIAN  SNYDER  /  REUTERS 


Egypt  ’Net  Shutdown: 
Wake-up  Call  for  CIOs 

Analysts  say  any  government  could  shut  down  Internet 
access  in  a  national  emergency,  so  IT  execs  need  a  plan 
of  action.  By  Patrick  Thibodeau  and  Juan  Carlos  Perez 


GYPT'S  CRACKDOWN  on  Internet  use  amid  huge  anti¬ 
government  protests  should  serve  as  a  warning  that  CIOs 
around  the  world  must  create  contingency  plans  to  deal 
with  the  potential  shutdown  of  critical  infrastructure. 
The  Internet  was  mostly  inaccessible  to  Egyptians  for 
about  five  days.  Citizens  began  reporting  the  widespread  return 
of  online  connections  last  Tuesday. 

Virtually  any  government  in  the  world  can  temporarily  nation¬ 
alize  and  control  critical  infrastructure,  which  includes  mobile 
networks,  fixed-line  telecommunications  and  Internet  backbone 
systems,  during  natural  disasters,  terrorist  attacks  or  any  other 
national  emergency,  said  Eric  Paulak,  an  analyst  at  Gartner  Inc. 

“This  scenario  isn’t  so  far-fetched,”  he  said.  “It’s  just  that  you 


don’t  necessarily  hear  about  it.” 

The  potential  loss  of  Internet  access  is 
especially  serious  to  the  many  IT  organi¬ 
zations  that  are  turning  to  cloud-based 
systems  to  run  key  corporate  or  govern¬ 
ment  applications,  said  Michael  Osterman, 
an  analyst  at  Osterman  Research  Inc.  “If 
organizations  are  reliant  on  cloud-based 
services,  this  would  be  a  critical  problem.” 

“Companies  doing  business  in  any 
country  should  assess  potential  loss  of  Inter¬ 
net  access  as  part  of  their  risk  management 
strategy  and  factor  it  into  the  cost  of  doing 
business,”  said  Rebecca  Wettemann,  an 
analyst  at  Nucleus  Research  Inc. 

The  analysts  suggested  creating  offline 
capabilities  for  cloud-based  systems  and 
providing  key  users  with  access  to  backup 
satellite-based  phones  and  Internet  access 
during  emergencies. 

IT  executives  based  in  Egypt  said  the 
widespread  protests  and  the  government’s 
response  disrupted  the  country’s  growing 
tech  operations. 

Yahia  Megahed,  vice  president  and  su¬ 
pervisor  of  the  Egyptian  branch  of  Symbyo 
Technologies  Inc.,  a  U.S. -based  IT  services 
firm,  said  some  workers  there  were  able  to 
access  the  Internet  via  proxies,  but  most 
had  no  recourse.  The  shutdown  “definitely 
affected”  the  business,  he  added. 

The  Egyptian  government  has  been 
aggressively  selling  the  country  as  an  out¬ 
sourcing  destination. 

Hewlett-Packard  Co.,  one  of  the  120 
companies  located  in  Cairo’s  eight-year- 
old  Smart  Village  IT  office  park,  told  its 
workers  to  stay  home  during  the  protests. 
Microsoft  Corp.,  which  also  has  an  office  in 
the  park,  said  in  the  midst  of  the  protests 
that  much  of  its  call  center  activities  run  from  Egypt  had  “been 
largely  distributed  to  other  locations.” 

IBM,  Oracle,  Indian  outsourcer  Wipro  and  other  top  compa¬ 
nies  have  also  set  up  shop  in  Smart  Village. 

“The  country  has  invested  millions  to  promote  its  capabilities 
—  and  now  that  investment  is  looking  under  threat,”  said  Phil 
Fersht,  CEO  and  head  of  research  at  HfS  Research,  an  outsourc¬ 
ing  research  and  advisory  firm. 

Megahed,  though,  is  confident  that  Egypt  will  remain  attrac¬ 
tive  to  high-tech  firms.  “Egypt  is  considered,  despite  what  hap¬ 
pened  this  week,  to  be  a  stable  country,”  he  said.  ♦ 

Perez  is  a  reporter  for  the  IDG  News  Service.  Martyn  Williams  of  the 
IDG  News  Service  and  Gregg  Keizer  contributed  to  this  story. 


The  country  has  invested  millions  to  promote  its  capabilities  -  and  now  that  investment 

is  looking  under  threat.  CEO,  HFS  RESEARCH 


MOHAMEO  ABD  EL  GHANY  /  REUTERS 


COMPUTERWORLO.COM  7 


David 

Edelstein 


This  tech  leader  is 
harnessing  the  power 
of  mobile  phones  to 
fight  poverty. 


What  electronics  do  you  take 
with  you  when  you  travel?  I  carry 
a  very  basic  unlocked  phone,  the 
$15  kind,  and  an  unlocked  Android 
phone,  so  I’m  always  using  the  local 
service  that’s  available  to  get  the 
local  user  experience. 

What’s  your  biggest  frustration 
with  technology?  That  it  is  often 
perceived  as  a  solution  unto  itself 
instead  of  an  enabler  with 
huge  potential. 

If  you  had  to  choose  another 
career,  what  would  you  do? 

I  would  be  a  kayak  guide  in  the 
summer  and  a  mountain  guide  in  the 
winter.  That  comes  from  skiing  two 
days  ago  with  my  daughter. 


8  COMPUTERWORLD  FEBRUARY  7,  2011 


DAVID  EDELSTEIN  is  using  technology  to  battle  poverty,  and  his  weapon  of  choice 
is  the  mobile  phone.  Edelstein  is  director  of  the  Grameen  Technology  Center  and 
vice  president  of  technology  programs  at  Grameen  Foundation,  a  Washington- 
based  nonprofit  that  supports  microfinance  practitioners  worldwide.  Edelstein 
holds  the  top  technology  job,  guiding  the  foundation’s  efforts  to  create  innovative  and  sustain¬ 
able  technology  approaches  to  benefit  the  world’s  poor. 

Before  joining  Grameen  in  2007,  Edelstein  worked  at  Microsoft  Corp.  designing  business 
models  to  provide  affordable  technology  products  for  people  in  emerging  markets.  He  also 
worked  with  consulting  firm  McKinsey  &  Co.  in  Brazil,  where  he  developed  business  strate¬ 
gies  tailored  to  the  needs  of  consumers  and  businesses  in  developing  countries. 

What’s  the  primary  focus  of  your  job?  I  lead  the  Grameen  Technology  Center  and  am 
responsible  for  the  success  of  all  technology  programs  at  Grameen  Foundation.  This 
work  is  anchored  in  the  use  of  mobile  phones  to  improve  lives  and  livelihoods  —  en¬ 
abling  the  poor  to  bring  themselves  out  of  poverty  using  technology  that  is  increasingly 

Continued  on  page  10 


Developer  Features 

Extensive  language  support  with  PHP  5/6  (beta)  with 


1&1®  WEB  HOSTING 


jt 


1&1®  HOSTING  PACKAGES 


6  MONTHS 


FREE 


As  the  world's  largest  web  host,  we  know  the  developer 
features  you  need  in  a  hosting  package! 


» 


HURRY -OFFER  ENDS 
2/28/2011! 

l&r  BUSINESS  PACKAGE: 


■  3  Included  Domains 

■  Private  Domain  Registration 

■  250  GB  Web  Space 

■  UNLIMITED  Traffic 

■  NEW:  Version  Management 
Software  (git) 

■  2,500  E-mail  Accounts 

■  50  MySQL  Database  (100  MB) 

■  25  FTP  Accounts 

■  E-mail  Marketing  Tool 

■  24/7  Toll-free  Customer  Support 


.com 
.info  .org 
.net 


Domains  Included 

All  hosting  packages  include  domains, 
fiee  for  the  life  of  your  package. 


Unlimited  Traffic 

Unlimited  traffic  to  all  websites  in  your 
1&1  hosting  package. 


,f*Ecs] 


zena  i-rameworK  ana  git  version  management  software. 

Online  Marketing  Tools 

SEO  tools  to  optimize  your  website. 

1&1  Webstatistics  makes  it  easy  to  monitor  your  progress. 

Green  Data  Centers 

We're  committed  to  hosting  your  site  with 
a  minimal  impact  on  the  environment. 


per 

Need  more  domains? 

.info  domain  only  $0.99  first  year' 
.com  domain  only  $4.99  first  year* 

More  special  offers  available  on 
our  website! 


MEMBER  OF 


Get  started  today,  call  1-877-GO-1AND1 


WWW. 


I1.com 

t  ! W£f  'V-  ■  -  ' 


’Offers  valid  through  2/28/2011. 12  month  minimum  contract  term  applies  for  web  hosting  offers.  Setup  fee  and  other  terms  and  conditions  may  apply:  pomainofferf  valid  first' yeajr  oi.tly.Lftfter  'first' ycar^ifaodafdr 
pricing  applies.  Visit  www.1and1.com  for  full  promotional  offer  details.  Program  and  pricing  specifications  and  availability  subject  to  charige  without  notice.  I&f  and  the  1&1  logo  are  trademarks  of  1S1 Internet  AG, 
all  other  trademarks  are  the  property  of  their  respective  owners.  ©  2011  1&1  Internet,  Inc.  All  rights  reserved.  •  .  -  '  .. 


THE  GRILL  I  DAVID  EDELSTEIN 


1 


O 

u 


There  are  more  than 
5  billion  phones  in  the 
world,  and  such  a  huge 
percentage  are  in  the  hands  of 
people  in  emerging  markets,  so  the  potential 
is  there,  but  it  has  not  yet  been  realized. 


besides  the  magnitude  is  that  unlike  in  the  U.S.,  there’s 
a  lot  of  sharing  [of  mobile  phones]  in  emerging  markets. 
So  the  challenges  aren’t  around  putting  technology  in 
their  hands.  The  challenges  are  more  around  develop¬ 
ing  services  that  can  be  easily  used  and  [are]  affordable. 
There  are  high  illiteracy  rates  and  multiple  languages, 
so  addressing  those  are  also  challenges.  And  cost  can  be 
a  challenge.  In  Uganda,  for  example,  government- 
imposed  taxes  on  minutes  and  handsets  are  very  high. 

What  are  your  strategies  for  overcoming  such  barri¬ 
ers?  The  first  is  the  trusted  intermediary  model.  We 
realized  early  on  that  information  alone  is  not  suf¬ 
ficient  to  change  people’s  behavior,  which  is  how  we 
achieve  impact.  What’s  required  is  having  a  trusted 
member  of  the  community  serve  in  an  intermediary 
role  where  they  know  how  to  discover  the  informa¬ 
tion,  how  to  use  the  information  and  how  to  contex¬ 
tualize  that  information.  We’ve  developed  networks 
of  trusted  intermediaries,  such  as  community  [agri¬ 
cultural]  knowledge  workers  in  Uganda,  community 
health  nurses  in  Ghana  or  a  network  of  entrepreneurs 
who  use  their  mobile  phones  in  Indonesia. 

And  then  the  second  is  to  use  the  phone  for  voice 
services  as  well,  which  is  sort  of  obvious,  but  not 
always.  What  we  found,  especially  to  overcome  some 
of  the  challenges  with  illiteracy,  is  that  many  people 
prefer  to  receive  voice  messages.  They  have  the 
option  of  receiving  text  messages  or  voice  messages 
in  their  native  language,  and  90%  of  the  time  they 
prefer  to  have  voice  messages. 


Continued  from  page  8 

within  their  reach.  We  also  have  a  strong  focus  on  how 
technology  can  benefit  microfinance  institutions  and 
have  developed  management  software  called  Mifos 
tailored  to  the  specific  needs  of  these  institutions.  I 
work  closely  with  teams  based  in  Seattle,  Uganda, 
Ghana,  Kenya  and  Indonesia  to  direct  these  efforts. 


How  do  you  define  or  measure  success  for  you  and 
your  team?  At  the  end  of  the  day,  success  is  about 
having  a  measurable  improvement  on  people’s  lives. 
That’s  a  long-term  outcome  we  look  for.  The  interme¬ 
diate  stages  are  identifying  where  there  are  market 
gaps,  where  information  services  could  have  a  mean¬ 
ingful  impact  on  people’s  lives  but  for  one  reason  or 
another  they’re  not  being  provided.  And  it’s  identify¬ 
ing  potential  solutions  to  address  those  gaps  using 
basic  mobile  phones,  understanding  what  content 
could  be  delivered,  and  developing  models  that  are 
self-sustaining  from  an  economic  perspective. 

What  are  the  biggest  obstacles  in  getting  working 
technology  into  the  poor  regions  you  serve?  The 

beauty  of  it  is  that  there  are  over  5  billion  mobile  phones 
in  the  world  today,  and  almost  80%  are  in  emerging 
markets.  And  what’s  impressive  about  that  number 


You've  used  the  term  “information  poverty."  What 
do  you  mean  by  that?  It’s  that  inability  to  have  infor¬ 
mation  at  your  fingertips  that  will  help  you  improve 
your  life  or  livelihood.  The  phone  really  changes 
that  dynamic  to  the  extent  that  information  services 
can  be  delivered  over  the  phone.  It  makes  it  so  that 
poverty  and  information  flows  can  be  addressed. 

You  once  said  that  the  mobile  phone  has  the  poten¬ 
tial  to  level  the  playing  field  in  terms  of  access  to 
information.  Are  we  there  yet?  We’re  just  skimming 
the  surface.  I  think  a  lot  of  progress  has  been  made  in 
the  last  two  to  three  years,  but  when  you  look  at  the 
number  of  concepts  that  have  scaled,  there  are  really 
very  few.  There  are  more  than  5  billion  phones  in  the 
world,  and  such  a  huge  percentage  are  in  the  hands  of 
people  in  emerging  markets,  so  the  potential  is  there, 
but  it  has  not  yet  been  realized. 

What  can  traditional  IT  shops  and  tech  companies 
learn  from  your  work?  That  there’s  the  opportunity 
to  develop  for  what’s  commonly  called  the  base  of  the 
socioeconomic  pyramid.  There’s  a  very  large  market 
if  you  can  tailor  products  to  meet  the  market  needs. 

—  Interview  by  Computerworld  contributing  writer 
Mary  K.  Pratt  (marykpratt@verizon.net) 


10  COMPUTERWORLD  FEBRUARY  7,  2011 


Chicago 


"N 

At  IT  Roadmap  Conference  &  Expo,  you’ll  discover 


March  15,  2011 


everything  you  need  to  know  to  make  informed 


8:15am  -  4:30pm 

Donald  E.  Stephens  Convention  Center 


technology  decisions  for  the  year  ahead  -  in  just 
one  day.  And  we’re  coming  to  Chicago! 


Register  today! 
www.itroadmap.net/chiad 


Through  ROI  workshops,  technical  tutorials, 
strategy  sessions,  roundtable  discussions, 
keynote  addresses,  networking  opportunities 
and  an  interactive  expo  floor,  you’ll  hear  fresh 
perspectives  and  new  technology  insights  from 
the  industry’s  leading  IT  analysts,  top  tech 
practitioners,  and  experienced,  high-profile 
end  users. 


All  new  morning  tracks  include: 


•  The  New  Data  Center 

•  The  Connected  Enterprise 

•  The  Modern  Network 

•  The  Public  &  Private  Cloud 

•  The  Evolving  Threat  Landscape 


Who  Attends: 


IT  ROADMAP  2011 

March  15 
April  28 
June  7 

September  13 
October 
Washington,  DC  November 

To  learn  more,  visit: 

1  www.itroadmap.net/chiad 


Chicago 


Denver 

Boston 


Dallas 


San  Francisco 


•  CIOs  &  VPs 

•  Directors  of  IT 

•  IT  Managers 

•  Architects  &  Engineers 


For  more  information  about  sponsorship 
opportunities  and  benefits 

Contact  Andrea  D’Amato,  Vice  President  and 
Publisher  of  Network  World,  at 
adamato@nww.com  or  508-766-5455. 


PRODUCED  BY 


CIO 


COMPUTERWORU) 


CSO  InfbWorld 


KETWORKWORLD 


Tom  Brady,  the  Patriots 
And  IT  Expectations 


The  fact  that  a 
team  that  had  so 
much  promise 
had  failed  to 
deliver  -  again  - 
reminded  me  of 
something:  IT. 


Thornton  A.  May 

is  the  author  of 
The  New  Know:  Innovation 
Powered  by  Analytics 
and  executive  director 
of  the  IT  Leadership 
Academy  at  Florida  State 
College  at  Jacksonville. 
You  can  contact  him  at 
thorntonamayd) 
aol.com. 


A  FEW  WEEKS  AGO,  football  fans  in  New  England  watched  in  horror 
as  quarterback  Tom  Brady  and  the  Patriots  suffered  an  unattract¬ 
ive  loss  to  their  trash-talking  divisional  rivals,  the  New  York  Jets. 
The  next  day,  sports  fans  throughout  the  region  were  numb. 


The  fact  that  a  team  that  had  held  so  much  promise, 
had  consumed  so  much  of  the  community’s  time 
and  attention  and  had  been  lavished  with  money 
had  failed  to  deliver  —  again  —  reminded  me  of 
something  else.  I’m  sorry  to  say,  it  was  IT. 

In  every  discipline,  expectations  and  their 
management  have  always  been  part  of  the  leader¬ 
ship  tool  kit.  Yet  not  many  executives  and  very  few 
football  fans  have  really  studied  the  mechanisms 
of  where,  when  and  how  expectations  get  set.  A 
big  contributor  is  historical  performance. 

Experts  in  international  development  observe 
that  for  the  past  20  years,  there’s  been  talk  about 
Brazil’s  bright  future  —  a  time  of  prosperity  that 
is  always  just  around  the  corner  but  never  arrives. 
As  a  result,  when  we  hear  talk  today  about  Brazil’s 
prospects,  our  expectations  are  greatly  lowered. 

Conversely,  the  Patriots  have,  in  a  reasonably 
compressed  time  span,  won  three  Super  Bowls.  In 
a  league  that  aggressively,  outspokenly  and  very 
effectively  creates  rules  and  regulations  designed 
specifically  to  prevent  any  one  team  from  domi¬ 
nating  the  sport,  is  it  rational  to  expect  the  Pa¬ 
triots  to  win  the  Super  Bowl  every  year?  Perhaps 
not,  but  the  fans’  expectations  are  nonetheless 
heightened  by  a  recent  record  of  great  success. 

Just  as  the  Patriots  have  their  troika  of  champi¬ 
onships,  enterprise  IT  has  its  trifecta  of  underper¬ 
formance  —  ERP,  the  dot-com  push  and  Y2K. 

Management  teams  still  vividly  remember  that 
during  the  late  ’90s,  IT  swore  that  if  the  enterprise 
did  not  deploy  an  intergalactic  ERP  backbone, 
the  wheels  were  going  to  fall  off.  Yes,  it  would 


require  a  multimillion-dollar  investment,  but  we 
guaranteed  that  it  would  pay  off.  Instead,  many 
enterprises  ended  up  pouring  as  much  as  twice 
the  budgeted  amount  down  a  sinkhole. 

Next  came  the  Web.  Fearing  that  incumbent 
markets  would  be  Amazonized,  we  heavily  invest¬ 
ed  in  e-commerce  platforms  while  webifying  the 
enterprise.  Researchers  place  the  total  price  tag  on 
the  Internet  buildout  at  roughly  $2.2  trillion. 

At  about  the  same  time,  we  fed  the  Y2K  panic. 
Executives  were  given  a  choice:  They  could  load 
up  on  tuna  fish,  K  rations  and  peanut  butter  and 
move  to  the  hills,  or  they  could  remediate  every 
piece  of  software  code  in  the  joint.  Yet  again,  it 
appeared  as  if  IT  was  holding  a  gun  to  the  head  of 
the  organization  and  saying,  “Spend  more  money.” 

This  IT  track  record  —  which  I  have  rendered  very 
nonsympatheticalfy  —  may  be  part  of  the  reason  that 
for  the  first  decade  of  the  new  millennium,  IT  was 
in  many  cases  benched  and  had  to  focus  on  cost 
reductions  rather  than  top-line  revenue  generation, 
and  on  consolidation  instead  of  innovation. 

And  so  IT  was  sidelined  just  as  a  golden  age  of 
innovation  in  consumer  electronics.  Enterprise 
employees  can’t  help  but  notice  the  yawning  gap 
between  the  experience  of  using  their  consumer 
tech  and  the  experience  of  using  the  older  systems 
that  run  on  their  computers  at  work. 

By  next  year,  the  ferns  will  have  forgotten  the 
Patriots’  ugly  loss  and  will  expect  greatness  again. 
As  for  IT,  I’m  not  certain  that  it  has  a  lot  of  fans,  or 
that  those  it  has  will  remain  loyal.  Enterprise  IT  is 
a  franchise  in  trouble.  It’s  time  for  a  turnaround.  ♦. 


12  COMPUTERWORLD  FEBRUARY  7,  2011 


hn  HIT  print 

##£#/  INTELLIGENTLY 

rJ 

i\  ■  ’  -.  4:  ■  Mfejfe 

•.mended  monthly  print  volume  ».RM* 
ar.d  additional  paper'sayings  Cijtiri|0 

.  .  .  '■-■■■  ■  -  ;  '  ‘  1 
rage  ■ 

■  - 

;  riot  guaranteed  to  he  accurdle  by 


RJ«= 


more 


LASe 


as.  'll10 


;  SpeH 


busine55 


HP  Les©1 


Aft*  iUS’  °n;L„c'.ion  Pri"*er  PC 

,n  Color  Mul"  _  and  t°r 


energy 

saving- 


saving  e 


itself  by  se  — 

/"^irtilate  y°ur 


s  now 


lTl/10ser*e' 

hp.com/'0 


3530  COLO«M 


laser/ 


■ 


fc 


COVER  STORY 


LAST  SUMMER,  about  30  hand- 
picked  IT  managers  convened 
in  an  executive  classroom  for 
the  third  session  of  CIO  Uni¬ 
versity,  a  leadership  develop¬ 
ment  program  for  would-be  CIOs.  The 
agenda  was  chock-full  of  sessions  cover¬ 
ing  best  practices  for  stakeholder  man- 

Concmued  on  page  16  ' 


:v 


JW 


& 


BRIAN  ft  M  A  L I 


»  Kevin  Hart 


conceived 
the  CIO  University  program  at 
Clearwire  Communications.  : 


;:V'4v. 


"v ... !■’ /  u  ' 

?  l  Is  mm  WBBmsm  imSm 

. 


COVER  STORY 


Continued  from  page  14 
agement  along  with  role-playing  exercises 
to  explore  the  Thomas-Kilmann  model  of 
conflict  resolution.  Guest  speakers  included 
C-level  executives  as  well  as  former  at¬ 
tendees  who  had  gone  on  to  become  CIOs. 

A  post-session  happy  hour  and  dinner  gave 
participants  a  chance  to  network,  exchange 
insights  and  simply  blow  off  steam. 

It  might  sound  like  your  typical  leader¬ 
ship  development  seminar,  but  CIO  Univer¬ 
sity  stands  apart  in  several  ways. 

For  one  thing,  the  curriculum  is  fine- 
tuned  to  specifically  meet  the  needs  of  IT 
management.  For  another,  instead  of  being 
sponsored  by  a  university  or  an  IT  trade  as¬ 
sociation,  with  attendance  open  to  IT  execs 
from  multiple  organizations,  this  leadership  program  was  home¬ 
grown  by  a  single  company  for  its  high-performing  IT  staffers  only. 

Conceived  and  implemented  by  Kevin  Hart,  CIO  at  Clearwire 
Communications  LLC  in  Kirkland,  Wash.,  CIO  U  aims  to  serve 
the  following  three  functions:  nurture  the  next  generation  of  IT 
leaders  at  the  $274.5  million  telecommunications  upstart;  act  as 
a  forum  wherein  employees  can  work  on  real  management  issues 
relevant  to  the  company;  and  foster  a  culture  of  teamwork  among 
Hart’s  300-person  IT  staff. 

Clearwire’s  CIO  U  classes  are  held  for  a  full  day  once  every 
quarter  in  rooms  on  loan  from  the  University  of  Washington. 
Participants  are  given  homework  assignments  in  which  they’re 
asked  to  apply  improvement  initiatives  in  the  workplace.  While 
not  every  graduate  is  destined  to  hold  the  title  of  CIO,  especially 
in  a  company  like  Clearwire  with  a  relatively  small  IT  staff.  Hart 
says  the  experience  attendees  gain  is  invaluable  to  their  careers 
and  to  their  employers. 

Hart  initiated  the  program  in  2006  when  he  was  CIO  at  Level 
3  Communications  Inc.,  a  $3.7  billion  provider  of  telecommunica¬ 
tions  services  with  more  than  1,000  IT  staffers,  and  he  took  it 
with  him  when  he  joined  Clearwire  in  2009.  (His  CIO  University 
is  not  to  be  confused  with  another  program  of  the  same  name, 
through  which  the  federal  government  in  partnership  with  several 
universities  offers  graduate-level  training  in  tech  leadership.) 

To  date,  Hart’s  CIO  U  has  turned  out  more  than  130  graduates 
at  Clearwire  and  at  Level  3  Communications.  Though  nobody 
has  kept  formal  count,  Hart  says  many  graduates  have  gone  on  to 
become  CIOs,  with  a  good  number  planting  the  seeds  for  similar 
IT  leadership  programs  at  their  new  employers. 

Hart  and  others  who  are  engaged  in  the  practice  of  “growing 
your  own  CIO”  —  including  tech  execs  at  Direct  Energy  and 
Purdue  Pharma  LP  —  contend  that  there  are  multiple  benefits  to 
conducting  IT  leadership  training  internally. 

Despite  the  time  and  resources  required  to  develop  a  program 
in-house,  they  say,  internal  training  is  still  far  more  cost-effective 
than  external  programs,  a  factor  that  resonates  at  a  time  when 
corporate  training  budgets  remain  tight. 

In  addition,  in  developing  an  in-house  curriculum,  CIOs  can 
tap  human  resources  specialists,  top  executives  and  professionals 
from  other  areas  of  the  business  to  tailor  a  course  of  study  that 
matches  the  real-world  problems  plaguing  individuals  or  the  IT 
organization  as  a  whole. 


Internal  programs  help  with  recruit¬ 
ment  and  retention  of  high-performing  IT 
personnel  interested  in  career  advance¬ 
ment,  Hart  and  others  say,  but  beyond 
that,  they  foster  leadership  development 
on  an  organizational  level,  a  key  benefit  to 
the  sponsoring  company. 

“You  can  send  someone  to  California  for 
a  week  and  pay  $10,000  for  the  individual 
experience,  but  the  real  value  comes  with 
having  that  experience  collectively  as  a 
team.  The  team  becomes  better  able  to 
understand  the  context  of  working  together 
and  building  relationships,”  says  Hart.  “It’s 
about  having  people  feel  a  real  sense  of  in¬ 
vestment  in  their  career  and  in  their  future.” 

CLEARWIRE: 

Real-World  Problem-Solving 

Andrew  Macaulay,  Clearwire’s  vice  president  of  IT,  attended 
CIO  U  as  a  Level  3  Communications  employee  and  then  again 
when  he  followed  Hart  to  Clearwire.  He  also  had  a  hand  in 
shaping  the  current  curriculum.  He  calls  it  a  “hybrid,”  since  it  in¬ 
cludes  input  from  Clearwire’s  own  top  executives,  many  of  whom 
give  presentations  during  the  session,  along  with  contributions 
from  outside  experts  who  are  brought  in  to  teach  some  of  the 
leadership-specific  tracks. 

Hart  and  other  members  of  the  Clearwire  executive  team  teach 
the  classes  and  make  formal  presentations  on  business  challenges 
and  goals  while  relating  their  own  personal  experiences.  Outside 
specialists  with  credentials  in  topics  such  as  stakeholder  manage¬ 
ment,  conflict  resolution  and  emotional  intelligence  lead  discus¬ 
sions  on  their  areas  of  expertise. 

To  Macaulay’s  mind,  CIO  U’s  emphasis  on  real-world  problem¬ 
solving  with  company  peers  is 
the  real  game-changer.  “In  an 
external  class,  you  have  a  person  or 
two  from  10  different  companies, 
thus  no  common  examples,  and 
everyone  has  a  different  perspec¬ 
tive  on  a  different  list  of  problems,” 
Macaulay  says.  “With  this  ap¬ 
proach,  people  are  already  apply¬ 
ing  what  they  learn  with  peers  in 
the  classroom.  They’re  problem¬ 
solving  using  these  techniques 
on  real  issues  that  can  benefit  the 
company.” 

As  an  example,  Clearwire’s 
2009  employee  satisfaction  survey  uncovered  dissatisfaction 
with  the  quality  of  communication  between  rank-and-file  IT  and 
upper  management.  As  part  of  the  CIO  U  curriculum,  partici¬ 
pants  were  charged  with  brainstorming  changes  to  address  that 
problem,  and  Hart  set  some  specific  benchmarks  for  the  team. 

By  engaging  in  role-playing  and  applying  conflict  resolution 
techniques  covered  in  their  coursework,  CIO  U  attendees  came 
up  with  recommendations  to  close  the  gap,  including  weekly  one- 
on-one  meetings  between  managers  and  direct  reports  to  go  over 

Continued  on  page  1$ 


You  can  send  someone 
to  California  for  a 
week  and  pay  $10,000 

...  but  the  real  value 
comes  with  having  an 
experience  as  a  team. 

KEVIN  HART,  CIO, 

CLEARWIRE  COMMUNICATIONS  LLC 


16  C0MPUTERW0RLD  FEBRUARY  7,  2011 


Standard  messaging  and  data  charges  ippiy. 


Windows  Azure 


I  IAVE  CLOUD  POWI  R 


■mM 


mm 


K 


mm 


WSmBm 

p  m  '  i  n  p  - 


M 


SI 


mm 


mmm 


|L 


Ifi 


* 

L  •■'?•• 

I 


;  .:7>vV^.  . 


*734 


Get  the  free 
mobile  app  at 
http://gettag.mobi 
or  text  COM  PI 
to  70700* 


Windows  Azure  is  a  platform  for  developing,  deploying  and 
running  applications  in  the  cloud  with  virtually  unbounded 
scalability.  That  means  near-infinite  capacity  when  you  need  it. 
It's  the  kind  of  flexibility  that  can  chan  1  the  way  you  run  your 
business.  With  Windows  Azure,  inspiration  comes  less  from 
worst-case  planning  and  more  from  your  imac  nation. 

That's  Iloud  Power. 

Find  your  Cloud  Power  at  Microsoft.com/cloud/azure 


Mict  soft 


Cloud 


Power 


COVER  STORY 


Continued  from  page  16 

a  manager/employee  checklist,  an  “onboarding”  program  to  bring 
new  IT  employees  up  to  speed,  a  directive  to  tie  IT  performance 
goals  to  company  goals,  and  sponsorship  of  additional  communica¬ 
tion  forums,  like  roundtable  discussions  and  newsletters. 

When  a  follow-up  survey  was  conducted  six  months  later  to 
gauge  progress,  the  IT  team  had  made  some  impressive  gains.  “If 
there  isn’t  a  benefit  to  the  company,  then  the  whole  value  propo¬ 
sition  falls  apart,”  Hart  says. 

DIRECT  ENERGY: 

Three  Training  Levels 

Direct  Energy,  a  $9  billion  electricity  and  natural  gas  utility  with 
operations  in  several  North  American  markets,  offers  a  three-tier 
IT  leadership  development  initiative  that  blends  both  internal 
and  external  resources. 

At  the  junior  level,  the  company  recruits  from  the  top 
engineering  schools  and  then  has  new  hires  participate  in  an 
intensive,  company-run  two-year  training  program.  The  train¬ 
ing  includes  work  toward  a  range  of  certifications  and  rotating 
assignments  in  different  areas  of  the  business,  including  stints  in 
non-IT  posts  and  in  various  locales  around  the  world. 

Midlevel  IT  folks  may  be  selected  to  participate  in  a  leadership 
program  that  was  developed  by  Direct  Energy’s  IT  group  but  is 
run  in  conjunction  with  other  companies  and  outside  leader¬ 
ship  experts,  according  to  Kumud  Kalia,  Direct  Energy’s  CIO. 
Top-level  IT  execs  are  encouraged  to  participate  in  webinars, 
attend  seminars  and  enroll  in  external  leadership  development 
programs  for  a  more  customized  training  experience. 

Leveraging  both  internal  and  external  resources  makes  sense  for 


a  company  of  Direct  Energy’s  size, 
Kalia  says.  Although  Direct  Energy 
is  bigger  than  Clearwire  and 
maintains  a  larger  IT  workforce, 
Kalia  says  it  would  be  far  too  costly, 
in  terms  of  both  money  and  time, 
to  develop  and  run  such  a  diverse 
leadership-training  program  inter¬ 
nally.  In  addition,  he  says  he  doesn’t 
think  there  are  enough  high-level 
IT  roles  within  the  company,  which 
employs  about  500  IT  personnel  in 
all,  to  justify  funding  an  internally 
run,  CIO-specific  program. 
Nevertheless,  Kalia  feels  strongly  that  IT  leadership  development 
on  any  scale  is  essential  for  attracting  and  nurturing  top  talent. 
“People  don’t  want  to  join  a  company  and  have  a  great  first  year  only 
to  keep  repeating  the  great  first  year  for  10  years,”  Kalia  says.  “People 
care  about  career  development.  They  seek  out  enhanced  scope  of 
responsibility,  and  if  they’re  not  getting  it  from  their  employer,  they 
will  go  elsewhere.  We  want  to  make  sure  we  have  those  things  here.” 

PURDUE  PHARMA: 

No  Faking  Internal  Training 

Purdue  Pharma,  a  $3  billion  pharmaceutical  company,  also  cham¬ 
pions  a  mix  of  internal  and  external  IT  leadership  training.  Each  of 
the  Stamford,  Conn.-based  company’s  110  IT  employees  has  an  indi¬ 
vidual  development  plan,  and  there  are  rotating  IT  job  assignments. 

Moreover,  a  handful  of  high-potential  IT  managers  are  selected 
to  participate  in  an  internal  executive-coaching  program  that’s 

run  by  the  CIO  in  conjunction  with 
human  resources,  to  get  exposure  to 
senior  management  responsibilities.  In 
this  program,  individuals  take  a  battery 
of  leadership  assessment  tests  and  are 
coached  individually  by  HR  profes¬ 
sionals  and  top  IT  managers  to  nurture 
their  strengths  and  improve  upon  their 
weaknesses. 

Throughout  a  i2-to-i8-month  period, 
participants  are  formally  observed  by 
the  CIO,  given  assessments  every  three 
months  and  take  part  in  sessions  where 
they  get  feedback  from  their  peers. 

So  far,  seven  IT  employees  have  gone 
through  the  program. 

CIO  Larry  Pickett  says  an  inter¬ 
nal  program  works  best  on  this  level 
because  participants  can’t  manipulate 
the  scenarios  they  encounter,  like  they 
could  in  external  leadership  programs. 
“In  external  programs,  it’s  a  case  study 
you’re  working  on,  not  a  real-world 
example,”  Pickett  explains.  “Our  train¬ 
ing  is  based  on  actual  observation  in  the 
workplace,  and  you  can’t  fake  it.”  ♦ 
Stackpole,  a  frequent  Computerworld 
contributor,  has  reported  on  business  and 
technology  for  more  than  20  years. 


Is  IT  leadership  development  best 
served  by  internal  training,  ex¬ 
ternal  resources  or  a  combination 
of  the  two? 

Executive  coach  Judy  Arteche-Carr 
votes  for  the  combo.  Arteche-Carr  is 
a  member  of  the  Society  for  Informa¬ 
tion  Management’s  Executive  Man¬ 
agement  Council,  and  she’s  manag¬ 
ing  director  of  Arteche  Global  Group, 
a  management  consulting  company 
that  offers  personal  coaching  for  C- 
level  executives. 

Arteche-Carr  says  internal  pro¬ 
grams  take  into  account  the  dynamics  of  a  company  and  foster  team-building,  but  they 
can  be  limited  in  scope  and  lack  outside  perspectives.  External  training,  on  the  other 
hand,  provides  exposure  to  the  best  practices  of  other  companies  and  offers  networking 
opportunities,  but  it's  not  specifically  tailored  to  an  individual’s  or  a  company’s  needs. 

“You  need  a  combination  of  programs,  because  you  never  know  where  people  are  coming 
from,”  she  explains.  “It’s  all  dependent  on  the  company  environment  and  the  CIO’s  resources." 

in  any  case,  it's  really  the  content  of  the  program  that's  critical  to  developing  high- 
performing  IT  leaders.  The  focus  should  be  on  soft  skills  like  “influence  management." 
presentation  skills  and  writing,  as  well  as  understanding  globalization,  says  Arteche-Carr. 

-  BETH  STACKPOLE 


✓  \ 

% 


the 


COMBO: 

INTERNALAND 

EXTERNALTRAINING 

# 

x - - - ^ 


18  COMPUTERWORLD  FEBRUARY  7,  2011 


A  work  of  art  in  secure  computing. 

Building  a  better  cloud  takes  a  revolutionary  approach  to 
virtualization  that  goes  far  beyond  conventional  solutions. 
With  a  resilient  infrastructure  and  robust  security,  SunGard 

solution 

that  virtually  eliminates  the  risk  of  failure.  Navigate  the  cloud 
with  confidence  as  it  dynamically  scales  to  meet  your  needs. 
With  leading-edge  technology  and  a  staff  of  accomplished 
professionals,  SunGard  can  help  make  your  next  cloud 
computing  project  a  work  of  art. 


provides  maximum  protection  and  a  fully  managed 


Sts. 

■  -  V  ■: 


Download  the  white  paper 
"Building  a  Better  Cloud" 
at:  sungardas.com/cloud11 


©  2010  SunGard.  SunGard  and  the  SunGard  logo  are  trademarks  or  registered  trademarks  of  SunGard  Data  Systems  Inc.  or  its  subsidiaries  in  the  U.S.  and  other  countries. 
All  other  trade  names  are  trademarks  or  registered  trademarks  of  their  respective  holders. 


VIRTUALIZATION 


WHEN  DATAPRISE  INC.,  an  IT  ser¬ 
vices  company,  helped  a  customer 
with  a  desktop  virtualization 
project  last  year,  it  found  itself 
dealing  with  desktop  virtualiza¬ 
tion’s  dirty  little  secret:  No  one  —  including  vendors 
—  seems  to  know  how  to  license  the  software. 

Having  run  a  successful  pilot,  Dataprise’s  client 
wanted  to  take  the  next  step  and  deploy  700  virtual 
desktops,  says  Chris  Sousa,  director  of  infrastructure 
service  at  Dataprise.  That’s  when  the  trouble  began. 
Like  many  businesses,  the  customer  —  a  manufactur- 


1 1 1 1  ■  1 1 1  ■ 

SOFTWARE  LICENSING  FOR  DESKTOP 
VIRTUALIZATION  IS  COMPLEX.  EVEN  VENDORS 
STRUGGLE  WITH  IT.  BY  TAM  HARBERT  ✓ 


20  COMPUTERWORLD  FEBRUARY  7,  2011 


C  FOTOLIA  /  STEPHEN  COBURN 


Ji 


were  trying  to  be 
iding  citizens 
and  not  rip  anybody  off, 
but  we  couldn’t  get 
definitive  answers. 


CHRIS  SOUSA,  DIRECTOR  OF  INFRASTRUCTURE 
SERVICE,  DATAPRISE  INC. 


er  of  fiber-optic  cable  —  had  an  enterprise  agreement 
with  Microsoft  Corp.,  but  its  IT  staff  wasn’t  sure 
exactly  what  was  covered  in  a  virtualized  environ¬ 
ment.  Apparently,  neither  was  Microsoft,  says  Sousa, 
who  noted  that  he  called  the  company  repeatedly 
seeking  information. 

“We’d  get  a  different  answer  from  a  different 
person  on  a  different  day,”  he  says. 

In  a  2009  study  by  Info-Tech  Research  Group  Inc., 
Microsoft  Windows  licensing  was  identified  as  the 
No.  1  pain  point  for  organizations  implementing 
desktop  virtualization,  according  to  Info-Tech  analyst 
John  Sloan. 

Microsoft  claims  that  it  has  tried  to  improve  its 
virtualization  pricing  policies.  Most  recently,  the 
company  relaxed  its  licensing  rules  for  virtual  desktops 
and  expanded  rights  to  access  a  given  virtual  desktop 
from  more  than  one  computer.  (See  story  at  right.) 

The  changes  are  “a  step  in  the  right  direction,” 
says  Sloan,  but  he  adds  that  Microsoft  “hasn’t  gone 
as  far  as  many  would  like.”  For  example,  although 
the  new  roaming  rights  allow  users  to  log  into  their 
virtual  desktops  from  devices  outside  of  the  corpo¬ 
rate  firewall,  such  as  home  PCs  or  airport  kiosks,  the 
virtual  desktop  is  still  licensed  to  a  specific  corporate 
PC.  That  means  a  user  may  not  be  able  to  access  his 
virtual  desktop  from  another  corporate  PC,  like  one 
in  a  branch  office,  Sloan  explains. 

Confused  yet?  Microsoft  licensing  “is  still  so 
complicated  that  users  and  even  resellers  don’t  under¬ 
stand  it,”  says  Barb  Goldworm,  president  and  chief 
analyst  at  consultancy  Focus  LLC.  Not  only  are  the 
specific  vendor  rules  confusing,  but  IT  managers  also 
mix  up  the  licensing  of  the  virtualization  software 
(which  serves  as  a  connection  broker  and  a  virtual 
desktop  running  on  a  back-end  hypervisor)  and  the 
licensing  of  the  software  that  actually  runs  on  the 
desktop  (the  operating  system  and  applications). 

The  Vendors’  Struggle 

But  the  problem  is  bigger  than  just  Microsoft.  All 
software  vendors  are  struggling  with  this  issue  to 
some  extent.  When  Citrix  Systems  Inc.  introduced 
XenDesktop  4,  it  changed  from  its  traditional 


model  —  concurrent  licensing  —  to  one  license  per 
named  user.  But  customers  quickly  complained  that 
they  needed  more  flexibility.  In  some  industries,  for 
example,  multiple  users  share  the  same  device. 

So  Citrix  quickly  added  per-device  licensing  and 
brought  back  concurrent  licensing  for  its  Virtual 
Desktop  Infrastructure  edition,  says  Calvin  Hsu, 
director  of  product  marketing  at  Citrix. 

In  some  cases,  IT  managers  throw  up  their  hands 
and  look  for  other  options.  When  Michael  Goodman 
discovered  that  he’d  have  to  buy  two  licenses  for  the 
same  Windows  operating  system  —  one  for  a  thin 
client  and  one  for  the  operating  system  running  on 
the  server  —  “it  really  knocked  down  my  payback 
period  on  the  ROI,”  he  says.  That  was  one  of  the 
reasons  the  vice  president  and  director  of  informa¬ 
tion  systems  and  technology  at  Crescent  State  Bank 
in  Cary,  N.C.,  skipped  thin  clients  and  went  with  a 


COMPUTERWORLD.COM  21 


VIRTUALIZATION 


A  GUIDE  TO  THE 
LICENSING  MAZE 


Pano  Logic  Inc.  client  device,  which  serves  as  a  dumb 
terminal  connected  to  an  operating  system  that  is 
running  on  a  server  in  the  data  center. 

In  other  cases,  IT  managers  simply  wing  it, 
making  a  good-faith  effort  to  pay  the  proper  licensing 
fees  without  knowing  exactly  what  licensing  fees  are 
required,  which  is  what  Sousa’s  client  did.  “We  were 
trying  to  be  upstanding  citizens  and  not  rip  anybody 
off,  but  we  couldn’t  get  definitive  answers,”  he  says. 


Given  the  confusion  over  software  licensing,  analysts  and  industry 
experts  offer  the  following  advice  to  IT  managers  embarking  on 
desktop  virtualization  projects. 

:  •  -  Read  your  software  contracts, 

and  make  sure  you  understand  your  licensing  terms  and  conditions. 

■  Recognize  that  the  benefits  of  virtualization  are  long-term. 
Include  licensing  costs  in  your  calculations  of  the  total  costs  of  the  vii  tualiza 
tiou  project. 

■  Make  sure  you  have  a  thorough  inventory  of  your  gear.  Identify 
which  equipment  is  licensed  for  certain  types  of  software  and  under  what 
conditions.  In  addition,  know  what  software  is  being  used,  how  often  it's  be¬ 
ing  used,  and  how  many  employees  are  using  it. 

tion  ted  ;  ;  ;.  g\  Although  few  have  stated  publicly  that  they  support  spe 
cific  virtualization  technology,  "we've  seen,  with  some  of  our  larger  clients, 
[that  the  software  vendor]  will  do  a  one-off  support  contract  clause  with  that 
client  and  build  that  support  in.''  says  Chris  Wolf,  an  analyst  at  Gartner  Inc . 

■  Don’t  go  it  atone.  Find  a  consultant  or  a  reseller  that  has  a  good  track 
record  of  doing  desktop  virtualization  projects  similar  to  yours. 

-  TAM  HARBCRT 


Complex,  Like  the  Tax  Code 

Software  licensing  for  virtual  desktops  is  incredibly 
complex,  confusing  and,  in  some  cases,  prohibitively 
expensive.  “It’s  like  the  IRS  tax  code,”  says  Dave 
Buchholz,  principal  engineer  at  Intel  Corp.’s  Intel 
IT  unit,  who  has  been  running  a  research  project 
that  looks  into  all  aspects  of  desktop  and  application 
virtualization. 

The  problem  is  multifaceted.  Like  with  an  onion, 
when  you  peel  away  one  layer,  you  reveal  another.  At 
its  most  basic,  the  problem  reflects  a  fundamental 
shift  in  the  industry:  Software  is  being  divorced  from 
hardware  at  a  faster  rate  than  ever  before,  mostly 
because  of  virtualization.  As  software  vendors  deal 
with  this  shift,  they  are  experimenting  with  differ¬ 
ent  approaches.  Some  still  tie  the  software  license 
to  a  specific  piece  of  hardware,  some  are  moving 
to  a  user-based  license,  others  sell  concurrent-user 
licenses  and  still  others  do  a  mix  of  all  three. 

On  top  of  that,  there  are  different  flavors  of  virtual¬ 
ization  at  the  desktop  level,  such  as  virtual  desktop 
infrastructure,  application  virtualization  and  operat¬ 
ing  system  streaming.  And  different  types  of  licens¬ 
ing  plans  can  apply  to  the  different  flavors.  Moreover, 
there  are  many  different  layers  of  software  in  any 
virtualized  environment  —  the  operating  system,  the 
virtualization  software  itself,  the  applications  —  each 
of  which  has  its  own  licensing  requirements. 

The  confusion  over  licensing  of  Microsoft  prod¬ 
ucts  is  tripping  up  small  and  midsize  companies  in 
particular,  because  they  may  not  have  Software  As¬ 
surance  plans,  says  Sloan.  And  large  enterprises  that 
are  covered  through  SA  and  enterprise  agreements 
sometimes  don’t  feel  that  they  need  to  keep  track  of 
all  of  the  details,  even  though  they  should. 

Bill  Galinsky,  senior  vice  president  of  global  IT 
infrastructure  at  software  vendor  CA  Technologies, 
started  an  internal  desktop  virtualization  pilot 
project  in  January  2010.  So  far  he  has  virtualized 
500  desktops,  and  he  expects  to  reach  2,000  of  the 
company’s  13,000  employees  within  a  year. 

When  Galinsky  started  the  pilot,  he  bought  Micro¬ 
soft’s  Virtual  Enterprise  Centralized  Desktop  licenses 
for  the  virtual  desktops.  But  as  of  July  1,  the  VECD 
disappeared,  and  those  rights  are  now  included  in  the 
SA  program,  which  for  all  practical  purposes  bases 
licensing  on  the  number  of  users  rather  than  pieces 
of  hardware,  he  says.  “In  our  case,  our  enterprise 
agreement  works  out  to  a  ratio  of  around  i-to-1.27.  So- 


22  COMPUTERWORLD  FEBRUARY  7.  2011 


C  FOTOLIA  /  STEPHEN  COBUftN 


mr  ^mF 

mm  mm 

<:J04r*: 

As  soon  as  we  get  into  other 
software  outside  of  our 
normal  contracts,  [licensing] 
can  get  more  difficult. 

VINCE  KELLEN,  CIO, 

UNIVERSITY  OF  KENTUCKY 


every  employee  can  run  1.27  copies  of  the  operating 
system  and  Microsoft  Office.” 

Vince  Kellen,  CIO  at  the  University  of  Kentucky, 
is  also  facing  the  pricing  conundrum  as  he  considers 
how  to  virtualize  about  1,000  desktops  on  campus. 
“It’s  a  challenge  to  get  the  software  licensing  that  you 
want,”  he  says.  But  in  his  case,  Microsoft  and  other 
big  software  vendors  aren’t  the  problem.  Kellen  says 
he’s  covered  under  enterprisewide  contracts  geared 
toward  academic  institutions,  “but  as  soon  as  we  get 


into  other  software  outside  of  our  normal  contracts, 
it  can  get  more  difficult.” 

With  some  of  the  university’s  smaller  vendors, 
especially  those  selling  niche  academic  and  clinical 
applications  and  specialized  math  or  statistical  soft¬ 
ware  packages,  it’s  “a  little  harder  to  work  through 
the  contracting,”  Kellen  says. 

Over  time,  he  hopes  that  software  vendors  can 
find  a  less  expensive  pricing  model  that  is  desktop- 
virtualization-friendly  —  one  that  licenses  con¬ 
current  users  instead  of  specific  named  users,  for 
instance.  “This  will  be  hard  for  smaller  vendors,  I 
think,  as  larger  vendors  have  a  broader  portfolio  of 
software  products  and  perhaps  business  models, 
which  will  give  them  flexibility,”  Kellen  adds. 

The  whole  concept  of  software  licensing  is  morph¬ 
ing  as  virtualization  grows  and  consumer  electron¬ 
ics  invade  corporate  IT.  “As  corporate  employees 
start  using  many  different  devices  —  smartphones, 
laptops,  iPads  —  corporations  are  asking,  ‘How  many 
licenses  am  I  going  to  have  to  buy?’  ”  says  Buchholz.  ♦ 
Harbert  is  a  Washington,  D.C.-based  writer  specializing  in 
technology,  business  and  public  policy.  She  can  be  contacted 
through  her  Web  site,  TamHarbert.com. 


DEFEND  NETWORKS  AND  INFORMATION. 
IMPRESS  POTENTIAL  EMPLOYERS. 

Preventing  data  theft.  Reassuring  customers.  Complying  with  federal 
regulations.  Just  some  of  the  reasons  why  securing  information  is  such 
a  high  priority  for  employers.  Seize  your  opportunity,  with  a  certificate 
or  a  master's  degree  from  University  of  Maryland  University 
College  (UMUC).  Whether  you're  a  manager  or  an  IT  professional, 
you'll  learn  how  to  protect  systems  and  information  against  deliberate 
attacks  or  accidental  damage. 


•  Designated  as  a  National  Center  of  Academic  Excellence  in 
Information  Assurance  Education  by  the  NSA  and  the  DHS 

•  Recognized  as  a  Professional  Science  Master's 
by  the  Council  of  Graduate  Schools 

•  Financial  aid  and  an  interest-free  monthly  payment 
plan  available 

•  Program  is  offered  entirely  online 


UMUC 


Enroll  now. 


University  of  Maryland  University  College 

Co»fr«M  C  »1 1  UMrtrMty  ot  Un»v*r««y  CoU**« 


800-888-umuc  •  umuc.edu/mychallenge 


BUSINESS  CONTINUITY 


Calculated 


IT  managers  are  getting  better  at  using 
hard  numbers  to  score  more  funds  for 
disaster  recovery  projects,  by  stacy  collett 


D  RICKS  didn’t  have  to  manufacture  a 
worst-case  scenario  to  convince  execu¬ 
tives  at  Beaufort  Memorial  Hospital 
in  South  Carolina  that  they  needed  to 
boost  spending  on  business  continuity 
and  disaster  recovery  systems. 

On  his  first  day  as  CIO  at  the  hospital,  a  lightning 
storm  knocked  out  power.  The  hospital  immediately 
switched  to  a  generator,  but  the  backup  system  didn’t 
include  power  for  air  conditioning  or  communica¬ 
tions.  “Our  data  center  got  too  warm,  and  we  had  to 
start  shutting  servers  down,”  Ricks  recalls.  The  hospi¬ 
tal  also  lost  communications  links  to  other  facilities. 

From  a  CIO’s  perspective,  “It  was  almost  too  good 
to  be  true  for  me,”  Ricks  says.  “The  situation  wasn’t 


24  COMPUTERWORLD  FEBRUARY  7,  2011 


O  JUAN  SILVA  /  GCTTV  IMAGES 


HEALTHY  SLICE 


even  as  bad  as  it  can  get,  but  it 
showed  what  could  happen.  It 
was  really  obvious  that  we  had  to 
do  something  to  make  sure  that 
we’re  always  operational.” 

Today,  the  hospital  has  a 
disaster  recovery  site  with  real¬ 
time  data  backup.  Ricks  plans 
to  expand  the  site’s  capabilities 
and  add  virtual  servers  by  the 
end  of  this  year.  Total  cost:  about 
$1  million. 

For  most  IT  managers,  however,  it  takes  more  than 
a  well-timed  act  of  nature  to  convince  executives  to 
invest  more  in  business  continuity  and  disaster  recov¬ 
ery.  It  takes  a  compelling  story  that’s  full  of  the  hard 
numbers  that  executives  appreciate. 

In  the  past,  it  was  hard  to  make  a  business  case  for 
disaster  recovery  systems  because  they  were  viewed 
as  expensive  insurance  policies  against  things  that 
might  not  happen.  But  a  Forrester  Research  Inc. 
report  says  that’s  changing  because  IT  managers  are 
getting  better  at  quantifying  risks  and  assessing  the 
impact  of  a  disruption. 

“It’s  more  of  an  art  than  a  science,”  says  Forrester 
analyst  Rachel  Dines.  “Most  executives  don’t  realize 
how  much  it  costs.  We’re  talking  about  millions  of 
dollars.  So  it’s  really  all  about  how  you  pitch  it.” 

As  the  Forrester  report  puts  it:  “It’s  much  more 
likely  that  a  CIO  or  other  executive  will  approve 
budget  for  a  [business  continuity/disaster  recovery] 
upgrade  if  you  can  explain  that  in  the  next  five  years 
there  is  a  20%  probability  that  a  severe  winter  storm 
will  knock  out  power  to  the  data  center  and  cost 
$500,000  in  lost  revenue  and  employee  productivity.” 

So,  how  can  IT  managers  come  up  with  hard 
numbers  to  quantify  the  need  for  business  continuity 
and  disaster  recovery  spending?  Dines  suggests  that 
companies  take  these  steps: 

Calculate  your  annualized  risk  cost.  Make  a  list  of 
each  risk  in  your  geographic  area.  Next,  list  the  likely 
number  of  hours  of  downtime  that  might  result  from 
outages  caused  by  each  of  those  risks.  In  a  third  column, 
list  the  percentage  chance  of  such  an  event  happening 
in  a  year.  Finally,  multiply  all  of  that  by  your  hourly  cost 
of  downtime  to  arrive  at  your  annualized  risk  cost. 

“That  can  be  a  pretty  good  way  of  guiding  technol¬ 
ogy  investments  that  can  eliminate  that  risk  —  such 
as  investing  in  remote-access  procedures  for  a  winter 
storm,”  Dines  says. 

Calculate  hourly  cost  of  downtime.  Figuring 
out  the  cost  of  downtime  can  be  daunting,  because 
outages  have  both  tangible  and  intangible  costs.  Start 
by  calculating  the  most  obvious  numbers,  like  revenue 
losses  or  productivity  losses  for  salaried  employees 
who  would  be  unable  to  work;  those  are  usually  the 
biggest  downtime-related  costs  anyway.  Also  explore 
any  penalties  you’d  incur  if  you  weren’t  able  to  comply 
with  regulations  because  your  systems  were  down. 


Spending  on 
business  continuity 
and  disaster  recovery 
represents  an  average  of 


6%  to  7% 


of  the  overall  IT  budget 


SOURCE:  FORRESTER  RESEARCH  INC 


Other  consequences  —  such 
as  a  loss  of  customers,  a  decrease 
in  customer  satisfaction  or  hits  to 
your  company’s  reputation  and 
employee  morale  —  are  harder  to 
quantify;  you  might  try  to  calcu¬ 
late  them  by  looking  at  the  impact 
of  similar  events  on  your  company 
or  a  competitor  in  the  past. 

At  Troy  University  in  hurri¬ 
cane-prone  Alabama,  Greg  Price 
has  a  simple  goal:  “We  don’t  want  our  services  to  go 
down  for  a  second.”  With  30,000  students  in  17  time 
zones  around  the  globe,  the  university  can’t  tolerate 
downtime.  So  Price,  Troy’s  chief  security  and  tech¬ 
nology  officer,  carefully  gathered  data  to  reinforce  his 
argument  that  the  university  needed  a  new  remote 
data  center  to  replace  an  outdated  facility. 

He  collected  15  years  of  historical  data  that  showed 
the  probability  that  certain  events  —  categorized  as 
minor,  major  or  significant  —  would  affect  the  Troy, 
Ala.,  campus.  Here’s  what  he  found: 

■  About  75%  of  Troy’s  IT  service  interruptions  are 
considered  “minor,”  meaning  service  is  knocked  out 
for  less  than  two  hours,  usually  due  to  a  power  outage 
or  Internet  service  problem.  (Troy  had  28  minor 
events  in  2010.) 

■  Twenty-two  percent  of  the  incidents  are  con¬ 
sidered  “major,”  meaning  service  is  disrupted  for  two 
to  eight  hours,  often  due  to  construction  mishaps  or 


ood  Plan 


INCE  THE  SEPT.  11, 2001,  TERRORIST  ATTACKS,  government  agen- 
cies  and  industry  groups  have  issued  at  least  22  regulations  or  industry 
standards  to  address  business  continuity  and  disaster  recovery,  accord¬ 
ing  to  a  Forrester  Research  report.  Although  many  of  the  programs  are 
voluntary,  they  nevertheless  have  prompted  some  companies  to  fund 
additional  business  continuity  and  disaster  recovery  projects. 

But  companies  that  make  investments  just  to  comply  with  a  regulation  or  industry 
standard  are  missing  the  point,  experts  say.  "Unfortunately,  they  really  just  want  to 
check  the  box"  and  spend  as  little  as  possible  on  business  continuity  in  order  to  be  com¬ 
pliant,  says  Rachel  Dines,  a  Forrester  analyst.  On  the  other  hand,  she  says,  regulations 
“at  least  make  people  think  about  it.” 

Ideally,  regulatory  compliance  is  merely  a  byproduct  of  a  sound  business  continuity  or 
disaster  recovery  plan. 

"My  feeling  has  always  been,  if  you’re  making  the  right  business  decisions  all  along, 
you’ll  be  compliant  with  those  regulations,”  says  Ed  Ricks,  CIO  at  Beaufort  Memorial  Hos¬ 
pital.  “It’s  smart  for  us  as  a  business  to  protect  our  data  and  know  that  we've  got  a  good 
disaster  recovery  plan  -  regardless  of  whether  it’s  mandated  by  some  legislation  or  not.” 

ill-' STACY  COLLETT 


COMPUTERWORLD.COM  25 


§3M'. 


BUSINESS  CONTINUITY 


power  grid  failures.  (Troy  experienced  four  major  J 
events  in  2010.)  ! 

■  “Significant”  events  happen  just  3%  of  the  time  i 
and  include  hurricanes,  tornados  and  other  acts  of 
nature.  Troy  experienced  only  one  significant  event  in  < 
2010  —  a  winter  storm  that  dumped  a  foot  of  snow.  j 
“Based  on  the  information  from  the  15  years  we’ve  J 
been  able  to  gather,  we  can  quickly  assess  the  poten¬ 
tial  for  outages  against  those  metrics,”  Price  says.  I 

Talk  to  your  insurance  company.  Insurers  main¬ 
tain  reams  of  statistics  about  likely  incidents  and  •; 

their  associated  costs  to  get  a  sense  of  how  risky  it  is  | 
to  insure  a  particular  company.  Your  insurer  might  \ 
be  willing  to  share  some  of  that  data.  1 

Check  government  Web  sites.  Government  agen¬ 
cies  will  have  historical  data  on  events  that  have  oc-  ; 
curred  in  your  area.  The  U.S.  Department  of  Energy,  [ 
for  instance,  provides  statistics  on  power  outages  by  J 
location.  The  Department  of  Transportation  keeps  l 
statistics  on  incidents  involving  hazardous  materials.  1 
If  you  need  data  about  incidents  in  other  countries, 
one  resource  is  the  Web  site  of  EuroStat,  the  Euro-  ; 
pean  Union’s  official  statistical  agency.  J 

Making  the  Business  Case  ! 

Beyond  the  numbers,  IT  leaders  have  been  successful  \ 
in  scoring  funds  for  business  continuity  and  disaster  ‘ 
recovery  projects  when  the  business  units  and  risk  j; 

management  personnel  help  explain  the  need  in  busi-  ! 
ness  terms.  A  survey  of  345  Disaster  Recovery  Journal  ! 
subscribers  showed  that  about  65%  of  business  con-  * 
tinuity  management  teams  work  with  their  business  ! 
units  to  determine  the  impact  of  risk.  j 

Here  are  more  tips  for  winning  over  non-IT  I 

executives:  1 

Don't  say  “disaster.”  Dines  avoids  using  the  word  ! 
disaster  when  talking  about  business  continuity.  It’s  ! 
about  more  than  reacting  to  downtime,  she  says. 

Rather,  business  continuity  involves  “being  proac-  | 

tive  to  stay  always  on  and  always  available,”  she 

. -i 


When  large  enterprises  were  asked  to  name  their  top  IT  priorities  for 
the  next  12  months,  disaster  recovery  ranked  No.  2: 


’’It  *  - 


1.  Consolidate  IT  infrastructure. 

. 

j  2.  Significantly  upgrade 


\fv 


disaster  recovery  and 


3.  Expand  use  of  mobility 
technologies  for  employees 
and  customers. 


>V  business  continuity 

'ffjU.  capabilities.  •  . 

'  r  v  - 

y  Bajei  I.$S&rr<budgH  rf&ision-itiakei^at  large  enterprises 

'  SOURCE.  (oRRESUfR  REfiE ARCH  INf  .  SURVEY,' JUNE  ?0I0 
v*V 


4.  Significantly  upgrade  our 
security  environment. 


explains,  noting  that  the  most  common  risks  are  the 
mundane  ones  —  power  failures,  hardware  failures, 
software  failures,  network  failures  and  human 
errors  —  and  it’s  easier  to  calculate  the  likelihood 
of  one  of  those  incidents  than  it  is  to  predict  a 
natural  disaster. 

Explain  that  being  prepared  is  a  competitive 
advantage.  Position  disaster  recovery  or  business 
continuity  expenses  as  necessities.  Point  out  that 
competitors  could  make  significant  gains  if  your 
systems  go  down  for  a  few  days,  Dines  suggests. 

Think  of  more  than  the  basic  need  for  recovery 
when  defining  the  business  value  of  a  project.  CIO 
Gary  Kern  spent  three  years  making  the  case  for  his 
ideal  version  of  a  disaster  recovery  system  at  Mutual- 
Bank  in  Muncie,  Ind.  The  half-million  dollars  he 
eventually  received  —  for  a  storage-area  network 
with  backup  at  a  remote  data  center  —  came  in  small 
increments  as  Kern  and  his  team  explained  to  tech 
steering  committee  executives  the  benefits  of  each 
element  and  why  each  one  cost  so  much. 

“Typically,  the  justification  would  be  more  than 
just  recoverability,”  Kern  says.  “We  also  talked  about 
storage  management  and  defined  all  the  pieces  and 
parts  that  would  help  beyond  just  recoverability  and 
made  sure  those  were  apparent.” 

After  six  years  at  MutualBank,  Kern  has  learned 
to  tailor  his  pitch  to  each  executive:  “It’s  a  matter 
of  finding  the  right  hot  buttons  for  the  right  execu¬ 
tive.  [Include]  something  for  everyone.  Then  keep  it 
short  and  understandable  to  a  nontechnology  person. 
They  need  to  be  shown  the  business  value  within  the 
technology.” 

Kern  also  suggests  getting  an  unbiased  third  party, 
such  as  an  auditor,  to  help  make  your  case.  “If  it  shows 
up  in  those  third-party  reports,  it  [strengthens]  the 
case  from  the  internal  IT  department,”  he  says. 

At  Troy  University,  Price  showed  how  the  remote 
backup  facility  could  be  used  every  day,  not  just 
during  a  disruption.  “Day  to  day,  we  use  it  as  our  test 
system  and  as  sandbox  environment  for  developing 
new  services,”  he  says. 

Don't  let  a  crisis  go  to  waste.  Ideally,  companies 
make  investment  decisions  based  on  rational,  objec¬ 
tive  risk  assessments,  but  security  and  risk  profes¬ 
sionals  know  that’s  not  always  how  it  works.  Top  ex¬ 
ecutives’  interest  in  business  continuity  and  disaster 
recovery  can  ebb  and  flow  dramatically,  depending 
on  the  latest  headline-grabbing  crisis,  according  to 
Jeff  Weber,  managing  director  at  Protiviti  Inc.,  a  risk 
consulting  firm  based  in  Menlo  Park,  Calif. 

Consequently,  IT  managers  may  need  to  exploit  the 
latest  catastrophes,  pandemics  and  security  breaches 
to  get  the  attention  of  senior  executives,  the  Forrester 
report  says.  Remember:  It  was  a  lightning  storm  that 
helped  to  produce  a  $1  million  investment  in  disaster  re¬ 
covery  improvements  at  Beaufort  Memorial  Hospital.  ♦ 
Collett  is  a  Computerworld  contributing  writer. 

Contact  her  at  stcollett@aol.com. 


26  COMPUTERWORLD  FEBRUARY  7,  2011 


Getting  a  Handle  on  Our  Data 

Improved  data  handling  should  he  an  easy  win  for  our 

manager,  who  is  especially  excited  about  IP  protection. 


THREE  MONTHS  into  my  new 
job,  I’ve  had  a  chance  to  assess 
the  landscape  and  establish 
some  priorities.  No.  1  will  be 
the  way  we  handle  data. 

There’s  a  very  practical  reason  for 
this.  Before  I  arrived,  the  company  had 
spent  a  lot  of  money  on  a  third-party  data 
assessment.  The  findings  were  startling, 
and  the  CFO  expects  remediation  in 
short  order.  I  want  to  capitalize  on  that. 

But  at  least  one  aspect  of  data  han¬ 
dling  is  near  and  dear  to  the  heart  of  any 
security  professional:  the 
protection  of  intellectual 
property.  The  other  goals 
of  our  project  to  improve 
data  handling  —  data 
classification  and  data 
retention  —  are  of  more  interest  to 
Legal;  by  including  them,  I  can  get  some 
traction  and  some  valuable  collaboration 
time  with  that  department.  Some  wins 
there  should  serve  the  juicier  IP  protec¬ 
tion  aspect  well. 

I  will  recommend  to  Legal  that  we 
come  up  with  two  or  three  data  clas¬ 
sifications,  such  as  “Confidential  and 
Restricted”  or  “Confidential  and  Special 
Handling.”  Once  Legal  and  some  other 
key  business  units  agree  on  the  classifica¬ 


tions,  we  can  create  some  policies  and 
processes  so  that  workers  can  determine 
the  classification  of  data  and  mark  or 
protect  it  accordingly. 

As  for  data  retention,  I  will  work 
closely  with  our  internal  counsel  and, 
most  likely,  a  firm  with  experience  in 
retention  law.  Various  federal  and  state 
laws  require  companies  to  keep  certain 
documents  for  specified  time  periods. 

We  will  want  to  develop  a  policy  and  a 
retention  schedule  for  all  the  categories 
of  documents  that  we  are  required  to 
keep.  Next,  I  will  add 
information  on  these 
retention  policies  to 
my  security  awareness 
training  program.  And 
we’ll  need  to  ensure 
that  we  have  a  place  for  storing  retained 
data  that  can  accommodate  everything 
from  e-mail  messages  and  attachments 
to  Oracle  Financials  and  PeopleSoft  HR 
documents. 

ROI  for  IP 

With  the  program  to  protect  our  intel¬ 
lectual  property,  there  is  a  chance  that 
I  will  be  able  to  expand  my  staff  and 
security  infrastructure.  That’s  because  IP 
protection  is  one  of  the  few  technology 


Trouble 

Ticket 


When  a 
security  manager 
takes  on  a  new  job,  he  has 
to  assess  the  landscape  and 
set  priorities. 


The 

first  big  push  will 
involve  data  handling, 
because  the  CFO  is  behind 
the  initiative  -  and  because 
data-handling  projects 
involve  the  protection  of 
the  company’s  intellectual 
property,  which  is  always  a 
good  idea. 


initiatives  that  has  the  potential  to  gener¬ 
ate  real  return  on  investment.  Say  that 
an  employee  who  is  planning  to  leave  the 
company  e-mails  himself  the  source  code 
for  one  of  our  next-generation  products 
before  his  departure.  If  he  is  successful 
and  isn’t  detected  in  time,  he  could  sell 
that  code  or  use  it  himself  in  ways  that 
would  directly  and  negatively  affect  our 
future  revenue. 

But  there  are  certain  tools  that  can 
detect  such  activity,  giving  us  a  chance 
to  stop  potential  thieves  before  they  can 
abscond  with  the  virtual  goods.  I  hope  to 
get  the  go-ahead  —  and  the  budget  —  to 
deploy  them. 

To  be  specific,  I  am  bullish  on  data 
leak  protection  software.  I  used  it  at 
my  previous  company  to  detect  when 
intellectual  property  inadvertently  or 
intentionally  left  the  company  network. 

To  my  mind,  data  leak  protection 
software  pays  for  itself.  I  also  like  digital 
rights  management  as  a  way  to  prevent 
copying  that  can  result  in  our  IP  ending 
up  in  the  wrong  hands. 

I  have  told  our  legal  counsel  about  the 
potential  savings  we  could  realize  with 
such  tools,  and  he  is  interested  in  moving 
forward  with  the  effort.  I’ll  keep  evan¬ 
gelizing  for  this  program  through  focus 
groups  and  other  forums.  I’m  keeping 
my  fingers  crossed  that  I  will  be  allowed 
to  procure  the  appropriate  resources  to 
make  this  a  successful  initiative.  ♦ 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Mathias  Thurman,” 
whose  name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com. 


cc 


with  a  program  to  protect  our  IP,  I  might  be  able  to 
expand  my  staff  and  security  infrastructure. 


the  discussions  about 
security!  computerworld.com/ 
blogs/security 


COMPUTERWORLD.COM  27 


C  FOTOIU  /  VIPOESlGN 


Q&A 

Dennis  and 
Michelle 
Reina 

The  co-authors  of  Rebuilding  Trust  in  the 
Workplace  discuss  the  effects  of  the  recession 
on  the  trust  between  employers  and  workers. 

How  did  the  recession  affect  the  U.S.  workplace?  The  Great 
Recession  rocked  workplaces  everywhere,  and  the  very  under¬ 
pinnings  of  trust  were  upended. 

According  to  a  recent  workplace  survey  by  consulting  firm  Deloitte 
LLP,  one-third  of  working  Americans  say  they  plan  to  look  for  a 
new  job  when  the  economy  gets  better,  and,  of  this  group,  48% 
cite  a  loss  of  trust  in  their  employer  as  the  reason.  The  hidden 
“aha"?  Even  now,  when  many  employees  are  choosing  to  stay  put, 
they  have  “quit.”  In  the  absence  of  trust,  they  have  checked  out. 

Also,  major  betrayals  in  the  workplace  -  from  companies 
mismanaging  layoffs  to  CEOs  committing  crimes  -  can,  and  do, 
make  headlines.  They  are  not  the  only  source  of  trouble,  though. 
Minor  betrayals,  such  as  gossiping,  finger-pointing  or  taking 
credit  for  others’  work,  are  more  pervasive  and  erode  trust  over 
time.  The  accumulation  of  little  betrayals  becomes  a  big  prob¬ 
lem.  In  fact,  according  to  our  research,  90%  of  employees  report 
that  they  feel  the  effects  of  eroded  trust  daily. 


Why  should  employers  be  concerned  about  the  level  of 
trust  among  employees?  When  trust  in  a  workplace  remains 
broken,  no  one  wins.  Not  individuals.  Not  teams.  Not  organiza¬ 
tions.  What’s  more,  the  consequences  come  with  a  high  price.  On 
the  “hard”  side  of  businesses,  we  see  major  hits  to  productivity, 
performance  and  even  profits.  On  the  softer  side,  we  see  people 
lose  confidence,  commitment  and  energy.  They  disengage  in  a 
variety  of  ways  for  a  variety  of  reasons  -  most  often,  a  certain 
level  of  anger  or  fear.  In  interviews  with  individuals  and  teams, 
we  hear  comments  like  “I’m  just  going  through  the  motions"  or 
"We’ve  lost  all  passion  and  creativity.” 

Once  trust  has  been  breached,  how  can  it  be  restored?  Trust 

is  fragile.  In  the  workplace,  as  in  life,  it  will  be  built  and  it  will  be 
broken  -  a  natural  part  of  human  interaction.  The  key,  then,  to 
sustaining  trust  is  to  know  how  to  rebuild  it  again  and  again. 

Whether  you  have  been  betrayed,  have  betrayed  someone  else 
or  have  a  role,  such  as  manager  or  team  leader,  where  you  want 
or  need  to  help  others,  we  recommend  a  seven-step  process, 
drawn  from  two  decades  of  research,  for  healing  and  rebuilding 
trust.  This  seven-step  process  isn’t  a  silver  bullet.  It  does,  how¬ 
ever,  provide  a  framework  for  taking  concrete,  constructive  and 
compassionate  action: 

Q  Observe  and  acknowledge  what  happened.  Broken  trust 

is  often  experienced  as  a  loss  -  the  loss  of  what  was  or  what 
could  have  been.  Acknowledge  that  loss  and  recognize  its  impact. 
^  Allow  feelings  to  surface.  Give  yourself  permission  to  feel 
your  emotions,  whatever  they  may  be,  and  find  proper  ways  to 
express  them. 

^  Get  and  give  support.  Ask  for  help  in  recognizing  where 
you're  stuck  and  how  you  can  shift  from  blaming  to  problem¬ 
solving. 

Q  Reframe  the  experience.  Put  the  event  into  a  larger  con¬ 
text.  Look  at  the  big  picture,  plus  consider  the  personal  choices 
and  opportunities  in  front  of  you. 

^  Take  responsibility.  Own  up  to  what  is  yours  to  own, 
acknowledge  the  lessons  learned,  and  ask  how  you  can  help  im¬ 
prove  the  current  situation. 

^  Forgive  yourself  and  others.  Forgiving  doesn’t  mean 
excusing;  it  means  acknowledging  how  broken  trust  has  affected 
you,  as  well  as  others,  and  then  releasing  yourself  from  energy- 
depleting  emotions. 

^  Let  go  and  move  on.  There  is  a  difference  between  re¬ 
membering  and  “hanging  on.”  You  may  not  forget  a  betrayal, 
but  you  can  make  a  conscious  choice  to  look  forward  rather  than 
stay  stuck  in  the  past. 

-  JAMIE  ECKLE 


Making,  Your 
Resume  Shine 

CSO  magazine’s  Joan  Goodchild  asked  a  security 
professional  and  two  security  recruiters  what 
security  pros  should  include  on  their  resumes  to 
make  them  stand  out  enough  to  rise  to  the  top  of 
the  pile.  With  just  a  little  tweaking,  their  advice 
would  seem  to  be  applicable  to  IT  professionals 
of  all  stripes. 


28  COMPUTERWORLD  FEBRUARY  7,  2011 


MARKETPLACE 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


dtSearch 

Instantly  Search  Terabytes  of  Text 


Desktop  with  Spider 
Network  with  Spider 
Publish  (portable  media) 
Web  witfi  Spider 
Engine  for  Win  &  .NET 


Engine  for  Linux 

Ask  about 
fully-functional 
evaluations! 


Highlights  hits  in  a  wide  range  of  data,  using  dtSearch's 
own  file  parsers  and  converters 

•  Supports  MS  Office  through  2010  (Word,  Excel,  PowerPoint, 
Access),  OpenOffice,  ZIP,  HTML,  XML/XSL,  PDF  and  more 

•  Supports  Exchange,  Outlook,  Thunderbird  and  other 
popular  email  types,  including  nested  and  ZIP  attachments 

•  Spider  supports  static  and  dynamic  web  data  like  ASP.NET, 
MS  SharePoint,  CMS,  PHP,  etc. 

•  API  for  SQL-type  data,  including  BLOB  data 

25+  full-text  and  fielded  data  search  options 

•  Federated  searching 

•  Special  forensics  search  options 

•  Advanced  data  classification  objects 

APIs  for  C++,  Java  and  .NET  through  4.x 

•  Native  64-bit  and  32-bit  Win  /  Linux  APIs;  .NET  Spider  API 

•  Content  extraction  only  licenses  available 


With  dtSearch:  "Endless 
indexing  is  now  a  breeze" 
Computerworld 

"Impressive  searching 
power ...  handles  more 
than  a  terabyte  of  text  in 
a  single  index" 

Network  World 

"Lightning  fast ... 
performance  was 
unmatched  by  any  other 
product" 

Redmond  Magazine 

For  hundreds  more 
reviews  and  developer 
case  studies,  see 
www.dtSearch.com 


v_ 


www.dtSearch.com  •  i-soo-it-finds 


Q:  Want  to  reach  165,000  readers? 
A:  Place  your  ad  here 


The  Marketplace  section  of 


awinDNiwi 

For  more  information  contact: 

Enku  Gubaie 
508.766.5487 
egubaie@idgenterprise.com 


Environmental  Monitoring 

FOR  YOUR  DATA  CENTER 


*  Temperature 

*  Humidity 

*  Dew  Point 
Air  Flow 


Sound 
Light 
•  Smoke 
Water 


LIVE  SENSOR  READINGS 


I  Temperature  (F) 
Relative  Humttty 
vPorxtff) 


78.00  °f 

34% 


•  Door/Cabinet  Position 

•  Power  Failure 

•  Live  Video 


WEB  INTERFACE 


LOGGING  &  GRAPHING 


•  Alert  notifications  via  SNMP,  Email,  SMS 
&  Voice  Call  (dialer  required) 

•  Trigger  external  devices  via  relay  outputs 

Variety  of  environmental  monitors  available 
to  match  your  needs 

INTEGRATES  WITH  IP  CAMERAS 

.  .  (B  r  f-.'f— - 


FREE 
BOOK! 

To  order,  visit 
itwatchdogs.  com/book 


ITWatchDogs 

512-257-1462 

sales@itwatchdogs.corn 

www.itwatchdogs.com 


COMPUTERWORLD.COM  29 


IT  careers 


Accenture  LLP  presently  seeks  a 
Systems  pecialist/Technical 
Lodestar  Lead  in  Cincinnati,  OH 
to  be  responsible  for  analyzing, 
designing,  coding,  and  testing 
multiple  components  of  appli¬ 
cation  code  across  one  or  more 
clients  and  analyze,  design, 
code, and  as  required  test 
enhancements  to  complex  mod¬ 
ules.  The  individual  will  be 
involved  in  the  maintenance, 
enhancement  and  development 
work  of  complex  modules  and 
those  that  interface  with  other 
applications.  In  addition,  he  will 
be  required  to  participate  in 
pager  and  on-call  support.  The 
individual  will  work  with 
Application  Architects,  Business 
Process  Architects,  Specialists, 
and  other  System  Specialists  to 
gather  and  interpret  user  and 
system  requirements  into  design 
specifications.  The  System 
Specialist  will  develop  system 
specifications  and  interfaces  for 
complex  components.  The  indi¬ 
vidual  will  design  and  code  appli¬ 
cations  to  functional  and  tech¬ 
nical  programming  standards. 
The  individual  will  provide  pri¬ 
mary  support  towards  installation 
of  application  releases  into  pro¬ 
duction  as  directed.  The  individ¬ 
ual  will  coordinate  and  participate 
in  structured  peer  reviews  and 
walkthroughs.  The  individual  will 
plan  and  execute  all  required 
process  steps  as  defined  in  our 
methodologies.  The  individual 
will  create  operational  documen¬ 
tation  for  the  application.  The 
individual  will  coordinate  the  work 
with  other  System  Specialists  on 
and  across  applications.  The 
individual  will  provide  application 
and  technical  support  as 
required,  in  a  timely  manner.  The 
individual  will  provide  input  to 
assist  in  determining  the  level  of 
efforts.  The  individual  will  also 
organize  and  prepare  work  effec¬ 
tively  to  facilitate  proactive,  rather 
than  reactive,  resolution  of  prob¬ 
lems.  The  individual  will  assist 
the  Client  ServiceTeam  Manager 
in  monitoring  the  budget  by  pro¬ 
viding  estimated-time-to-com- 
plete  (ETC)  and  actuals  for 
assigned  tasks. Furthermore,  the 
individual  will  anticipate,  identify, 
track,  and  resolve  issues  and 
risks  affecting  the  application. 
The  individual  will  utilize  Oracle 
Utilities  tool  (Lodestar),  Energy 
Information  Platform  (EIP),  data 
manager,  and  billing  expert  mod¬ 
ules  of  the  product  and  its  appli¬ 
cations,  as  well  as  Oracle  PL/ 
SQL,  Crystal  Reports,  Business 
Objects,  and  Informatica.  Basic 
Qualifications:  The  minimum 

requirements  for  the  offered  posi¬ 
tion  are  a  Bacheloris  degree  in 
Computer  Science,  Computer 
Engineering,  Information 

Systems/Technology,  Electrical 
Engineering,  Electronics 

Engineering,  or  an  engineering 
degree  with  specialized  course 
work  in  mathematics,  program¬ 
ming,  computer  science/engi¬ 
neering  or  information  systems/ 
technology,  plus  5  years  of  pro¬ 
gressively  responsible,  post-bac¬ 
calaureate  experience  in  the  job 
offered,  or  in  the  Information 
Technology, Utilities, or  Consulting 
Industry.  Additionally,  the  can¬ 
didate  must  have  professional 
experience  with:  (i)  Oracle 
Utilities  tool  (Lodestar),  Energy 
Information  Platform  (EIP),  data 
manager,  and  billing  expert  mod¬ 
ules  and  its  applications  to  the 
Utilities  industry;  and  (ii)  Oracle 
PL/SQL, CrystalReports, 
BusinessObjects.and 
Informatica.  Qualified  candidates 
should  apply  on  line  at: 
http://careers3.accenture.com/ 
jobs/jobs.html 

and  enter  the  req.  #  00112657  in 
the  Job  Number  Search. 


CENX,  Inc.  is  seeking  a  Chief 
Technical  Officer  to  be  based  in 
Los  Angeles,  CA.  As  part  of  the 
executive  team,  the  CTO  will 
set  the  technical  strategic  direc¬ 
tion,  provide  technical  lead¬ 
ership,  develop  the  IT  infra¬ 
structure  support  systems, 
select  and  negotiate  telecom 
equipment  and  software  ven¬ 
dors,  make  decisions  on  the 
direction  of  the  business,  work 
with  executive  level  peers  from 
telecom  providers  to  establish 
technical  buy-in,  and  maintain 
relationships  with  investors. 
Requires  BA/BS  in  EE  or  CS 
and  8  years  of  experience  in  the 
telecom  industry,  including 
experience  in  executive  lead¬ 
ership  positions,  and  working 
with  Ethernet  and  IP  technol¬ 
ogy.  Must  have  demonstrated 
knowledge  of  the  Carrier  trans¬ 
port  technologies  (including 
SONET,  Wave  Division, 
Ethernet,  and  IP  transport  sys¬ 
tems),  Ethernet  and  IP  technol¬ 
ogy,  protocols,  and  services, 
network  architecture  design, 
configuration,  and  implemen¬ 
tation  and  experience  working 
directly  in  Service  Providers  to 
select  and  build  OSS/BSS  and 
IT  infrastructures.  Send  resume 
to  jobs@skywalkgroup.com. 


HP  Enterprise  Services,  LLC  is 
accepting  resumes  for  the  posi¬ 
tion  of  Services  Information 
Developer  in  Vancouver,  WA 
(Ref.  #ESVANSID11)  and 
Rockville,  MD  (Ref.  # 
ESR0CSID11).  Conceptualize, 
design,  develop,  unit-test,  con¬ 
figure,  and  implement  portions  of 
new  or  enhanced  (upgrades  or 
conversions)  business  and  tech¬ 
nical  software  solutions  through 
application  of  appropriate  stan¬ 
dard  software  development  life 
cycle  methodologies  and  proc¬ 
esses.  Mail  resume  to  HP 
Enterprise  Services,  LLC,  5400 
Legacy  Drive,  MS  H1-6E-28, 
Plano,  TX  75024.  Resume  must 
include  Ref.  #,  full  name,  email 
address  &  mailing  address.  No 
phone  calls  please.  Must  be 
legally  authorized  to  work  in  the 
U.S.  without  sponsorship.  EOE. 


Hewlett-Packard  State  &  Local 
Enterprise  Services,  Inc.  is 
accepting  resumes  for  Services 
Information  Developer  in 
Baltimore,  MD.  (Ref. 
#SLBALSID21).  Conceptualize, 
design,  develop,  unit-test,  con¬ 
figure,  &  implement  portions  of 
new  or  enhanced  (upgrades  or 
conversions)  business  &  tech¬ 
nical  SW  solutions  through 
application  of  appropriate  stan¬ 
dard  SW  devlpmt  life  cycle 
methodologies  &  processes. 
Mail  resume  to  Hewlett-Packard 
State  &  Local  Enterprise 
Services.  Inc.,  5400  Legacy 
Drive,  MS  H1-6E-28,  Plano.  TX 
75024.  Resume  must  include 
Ref.  #SLBALSID21,  full  name, 
email  address  &  mailing 
address.  No  phone  calls  please. 
Must  be  legally  authorized  to 
work  in  the  U.S.  without  spon¬ 
sorship.  EOE. 


IT  Director,  needed  for  Apollo 
Group,  Phx,  AZ.  Manage  data¬ 
base  dev.  projects,  architectural 
design,  specs  for  applications 
services  consuming  databases. 
Work  with  Oracle  &  SQL  Server, 
front-end  DB  dev:  ADO. Net, 
ASP.Net,  JAVA,  JDBC,  & 
Hibernate.  Required  B.S.  in 
comp  sci,  math,  biz,  or  engin  & 

5  yrs.  of  overall  progressive  IT 
exp.  in  DB  dev.  including  2  yrs. 
of  exp.  in  skills  listed  above. 
Competitive  salaries.  Send 
resumes  to: 

apoljobs@apollogrp.edu 

Programmer  II:  Take  Charge 
America  (Phoenix)  is  seeking  a 
qualified  Programmer  II  to  assist 
with  gathering  requirements; 
analyzing  solution  options;  cod¬ 
ing  software;  testing  software; 
providing  implementation  sup¬ 
port;  and  projecting  status 
reporting.  Must  have  a 

Bachelor's  degree  or  equivalent 
in  Computer  Science  or  related 
field  plus  three  years  of  expe¬ 
rience  in  application  devel¬ 
opment.  Please  send  cover  let¬ 
ter  and  resume  to:  Janna 
Thome,  Job  #PRO,  Take 
Charge  America,  20620  N.  19th 
Avenue,  Phoenix,  AZ  85027. 

Hewlett-Packard  Company  is 
accepting  resumes  for  a 
Software  Designer  in  San 
Diego,  CA.  (Ref.  #SDSWD11). 
Design,  develop,  maintain,  test, 
and  perform  quality  and  per¬ 
formance  assurance  of  system 
software  products.  Mail  resume 
to  Hewlett-Packard  Company, 
5400  Legacy  Drive,  MS  H1-6E- 
28,  Plano.  TX  75024.  Resume 
must  include  Ref.  #SDSWD11. 
full  name,  email  address  &  mail¬ 
ing  address.  No  phone  calls 
please.  Must  be  legally  author¬ 
ized  to  work  in  the  U.S.  without 
sponsorship.  EOE. 

Informatica  Corporation  has  an 
employment  opportunity  in 
Redwood  City,  CA  for 
Professional  Services  Consultant 
(RC13NAR):  Ensure  customers 
are  successful  in  deploying 
Informatic  data  integration  and 
analytic  platforms.  Work  with 
Informatica  customers  and  busi¬ 
ness  partners  both  on  short-term 
assignments  to  provide 

Informatica  expertise  and  longer- 
term  efforts  to  ensure  a  decision 
support  project  is  delivered  in 
accordance  with  the  customer's 
expectations.  Send  your  resume 
(must  reference  job  title  and  job 
code)  to  Informatica  Corporation, 
Attn:  M/S  KM024,  100  Cardinal 
Way,  Redwood  City,  CA  94063. 

Innowave  Technology,  LLC  is 
seeking  a  Software  Consultant 
in  Oracle  Technology  for  office 
in  Irvine,  CA.  B.Sc.  or  equiva¬ 
lent  in  Engineering,  Computer 
Science  or  related  field  and  5 
years  of  work  exp.  in  Oracle 
Technology  Products  required. 
Salaried/full  time  position.  For 
details  about  this  &  other  job 
opportunities,  please  visit  http:// 
www.innowavetech.com. 
Please  mail  CV  &  salary 
requirements  to  2151  Michelson 
Drive  #230,  Irvine,  CA  92612  or 
fax  to  949-223-6428 

Prog.  Analyst:  Architecture, 
design,  development  and  testing 
of  high-performance  stable  e- 
commerce  web  applications. 
Design  and  implementation  of 
backend  and  database  com¬ 
ponents.  Developing  application 
logic  and  error  reporting  man¬ 
agement.  Skills  ASP.NET,  C#. 
SQL  Server,  Java  Script,  XML. 
XSL,  XSLT,  Team  Foundation 

Server  etc.  Send  resumes  w /# 
to  Archbrook  Laguna,  LLC,  350 
Starke  Road.  Suite  #  400, 
Caristadt,  NJ  07072. 

Aptina  LLC  has  employment 
opportunity  in  San  Jose,  CA  for 
Design  &  Characterization 
Engineer  (SJ02ARA): 

Responsible  for  CMOS  senor 
test  chip  design,  including  pixel 
array  design,  column  S&H  cir¬ 
cuit  design,  column  decoder, 
row  decoder,  row  driver  and 
level  shifter  design,  low  noise 
amplifier,  full  chip  integration, 
analog  and  mix  signal  ,  simu¬ 
lation  and  characterization. 
Send  your  resume  (must  ref¬ 
erence  job  title  and  job  code)  to 
Aptina  LLC,  Attn:  Gloria 
Sanchez,  3080  North  First 
Street,  San  Jose,  CA  95134. 

Sr.  Software  Engineers:  (mul¬ 
tiple  positions  in  Indianapolis). 
Work  on  all  phases  of  SDLC. 
Des  &  dev  applns  using  tech¬ 
nologies  like  Java,  J2ee, 
Websphere,  Curam.  Develop 
User  interface  &  Data  access 
Layer,  using  technologies  like 
Structs,  JSF,  simple  JDBC  & 
Hibernate.  Req:  MS  or  equiv  in 
Engg  (any),  CS,  or  related  &  2 
yrs  exper  in  job  offered  or  as  a 
software  professional.  Mail 
resumes  w/code  #  210  to  ATTN: 
Sharon  R.  Reed,  RCR 
Technology  Corporation,  251 
North  Illinois  St.  #1150, 
Indianapolis,  IN  46204.  EOE. 
NO  PHONE  CALLS  PLEASE. 

Liaison  Technologies 

(Alpharetta,  GA)  seeks 
Software  Engineer  with  MS  in 
Computer  Science  W/  course 
work  in  Object-Oriented 
Programming  Languages, 

Java  or  C#,  Web/Scripting/ 
Markup  Languages,  HTML, 
XML.  JavaScript,  Database 
Scripting,  ANSI  SQL, 

Operation  Systems,  Windows, 
and  Network  Protocols:  HTTP, 
TCP/IP.  Qualified  applicants  e- 
mail  resumes  W/  cover  letter 
referencing  a  job  code  SE0119 
agarvin@lialson.com. 

Software  Developers  sought  by 
established  IT  Consulting  firm 
to  lead  efforts  in  all  phases  of 
SDLC  for  various  IT  projects. 
Environment  includes  VB.NET, 
C##.NET,  VBScript.  WIX, 
ASP.NET,  AJAX.  Positions 
require  MS  degree  and  at  least 
12  months  of  relevant  work 
experience.  We  will  consider 
applicants  with  BS  degree  and 
significant  industry  experience 
(i.e.  5  years  and  more)  Position 
based  out  of  Vienna,  VA  and 
subject  to  relocation  throughout 
the  US.  Send  resume  to:  HR 
Department.  Supremesoft 

Corporation,  1608  Spring  Hill 
Road,  Suite  210,  Vienna,  VA 
22182. 

Calif  based  IT  co.  has  multiple 

openings  at  its  U.S.  offices  and 

at  unanticipated  client  sites 

across  the  U.S.  for  Software  Eng, 

Progrmmr.  Analyst,  Systems 

Analyst,  Project  Leader/Mgr.. 

System  Mgr.,  ERP  Consultants, 

Biz  Dvlpmnt.  Consultant  &  Biz 

Analyst.  Mail  resumes  to  RJT 

Compuquest  Inc.,  23440 

Hawthorne  Blvd.,  #210,  Torrance. 

CA  90505,  Attn:  HR 

/  \ 

Looking  for 

something  new? 

You’ve  come  to  the 
right  place! 

Check  back  with  us  weekly  for 

fresh  listings  placed  by  top 

companies  looking  for  skilled 

professionals  like  you! 

iTcareers 

\ _ _ _ / 

30  COMPUTERWORLD  FEBRUARY  7,  2011 


SHARK!/  MK 

TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY  LILIILHIHLiLHHLHLILLLLnLLLHLLHninHLLLiH 


Keep  Your  Cool 

Plumbing  wholesaler  has  its  data  center  in  a  converted  office  in  the  middle  of  a 
building  in  New  England,  where  cooling  shouldn’t  be  a  problem  in  winter  -  right? 
“One  sub-zero  day  in  January,  l  went  into  the  server  room  and  noticed  that  the 
temperature  was  about  85  degrees  and  rising,"  says  a  sysadmin  pilot  fish  working 
there.  “Turns  out  the  compressor  on  the  air  conditioning  unit  froze.”  Fish  sets  up 
a  fan  and  opens  doors,  but  the  temperature  keeps  climbing.  It’s  20  below  outside, 


and  all  his  systems  are  overheating. 
Then  he  gets  a  brainstorm:  “I  got  a 
length  of  flexible  duct  from  the  ware¬ 
house  -  we’re  a  plumbing/ventilating 
distributor,  after  all  -  and  ran  it  from 
an  open  window  to  the  computer 
room.  It  ended  about  three  feet  short 
of  the  door,  but  by  turning  the  box 
fan  around  to  blow  cold  air  in,  we 
were  able  to  get  the  room  down  to  65 


degrees  in  about  an  hour.  Negative- 
20-degree  air  will  do  that.  The  people 
who  sat  near  the  open  window 
weren’t  too  happy  about  it  until  we 
covered  the  open  area  with  the  box 
the  flexible  duct  came  in.” 

Keep  in  Touch 

This  pilot  fish’s  company  wants  em¬ 
ployees  to  be  constantly  available 


during  workdays  on  the  internal 
instant-message  system.  “This  inter¬ 
feres  with  doing  things  like  coding, 
testing,  being  on  the  phone  and  writ¬ 
ing  reports,”  fish  grumbles,  “but  my 
managers  really  want  to  see  me  on 
there.  Trouble  is,  the  system  would 
log  me  off  anytime  I  went  10  minutes 
without  hitting  a  key,  so  I  regularly 
got  chewed  out.”  That’s  until  a  co¬ 
worker  shows  him  a  trick:  Send  an 
IM  to  anyone.  As  long  as  the  window 
is  open,  the  system  won’t  log  you 
off.  “How  this  helps  the  company  is 
beyond  me,”  says  fish,  “but  I  haven’t 
gotten  any  more  management  com¬ 
plaints  about  staying  available  on  the 
IM  system.” 

Keep  Looking 

Consultant  pilot  fish  is  called  in  to  set 
up  the  PCs  for  a  not-for-profit  orga¬ 
nization  that  has  just  split  from  its 
parent  charity  -  and  it’s  pretty  clear 
those  PCs  were  on  a  network.  Don’t 
worry  about  that,  the  admin  at  the 
old  office  tells  fish.  We  don’t  use  that 
anymore.  “I  set  up  a  few  of  the  PCs,” 
says  fish.  “The  users  looked  at  them 
and  shrieked,  ‘Where  are  all  the  doc¬ 
uments?  Grants?  Client  documents?’ 
Nothing  was  stored  locally  in  any  ac¬ 
counts.  I  asked  the  admin  to  call  the 
old  office  and  ask  for  the  documents, 
DVDs,  backups,  whatever  they  could 
get.  The  old  office  said  they  thought 
the  documents  were  on  the  PCs,  so 
they  threw  the  server  out.  Literally, 
in  the  Dumpster,  several  days  ago, 
along  with  the  backup  tapes  and 
most  likely  any  other  evidence  that 
the  organization  once  existed.” 


»  Feed  the  shark!  Send  me 
your  true  tale  of  IT  life  at  sharkyg) 
computerworld.com.  You’ll  snag  a 
snazzy  Shark  shirt  if  I  use  it. 


CHECKOUT  Sharky’s  blog,  browse  the  Sharkives  and  sign  up  for  home  delivery  at  computerworld.com/sharky. 


ADVERTISERS’  INDEX 

This  index  is  provided  as  an 
additional  service.  The  publisher 
does  not  assume  any  liability  for 
errors  or  omissions. 


l&l  Internet . 9 

landl.com 

CA  Technologies . C4 

security.com 

dtSearch  . 29 

dtsearch.com 

Hewlett-Packard . 13 

hp.com/laserjet 

IBM  Non-Intel . C2 

ibm.com/engines/ 

informationprotection 

IBM  Non-Intel . 5 

ibm.com/engines/storage 

IT  Roadmap 

Conference  &  Expo . 11 

itroadmap.net/chiad 

ITWatchDogs . 29 

itwatchdogs.com 

Microsoft . 17 

microsoft.com/cloud/azure 

Qwest  Business . C3 

qwestsolutions.com 

SunGard . 19 

sungardas.com/cloudll 

University  of 

Maryland . 23 

umuc.edu/mychallenge 


R  DA  Perio(1  ical 

tP'prM  postage 
i-jvmh  paid  at 
Framingham,  Mass.,  and 
other  mailing  offices.  Posted 
under  Canadian  International 
Publication  agreement 
PM40063731.  CANADIAN 
POSTMASTER:  Please  return 
undeliverable  copy  to  PO  Box 
1632,  Windsor,  Ontario  N9A 
7C9.  Computerworld  (ISSN 
0010-4841)  is  published  twice 
monthly  by  Computerworld 
Inc.,  492  Old  Connecticut  Path, 
Box  9171,  Framingham,  Mass. 
01701-9171.  Copyright  2011  by 
Computerworld  Inc.  All  rights 
reserved.  Computerworld  can 
be  purchased  on  microfilm  and 
microfiche  through  University 
Microfilms  Inc.,  300  N.  Zeeb 
Road,  Ann  Arbor,  Mich.  48106. 
Computerworld  is  indexed. 

Back  issues,  if  available,  may  be 
purchased  from  the  circulation 
department.  Photocopy  rights: 
permission  to  photocopy  for 
internal  or  personal  use  is 
granted  by  Computerworld  Inc. 
for  libraries  and  other  users 
registered  with  the  Copyright 
Clearance  Center  (CCC),  provided 
that  the  base  fee  of  $3  per  copy 
of  the  article,  plus  50  cents 
per  page,  is  paid  directly  to 
Copyright  Clearance  Center, 

27  Congress  St.,  Salem,  Mass. 
01970.  Reprints  (minimum 
100  copies)  and  permission  to 
reprint  may  be  purchased  from 
Ray  Trynovich,  Computerworld 
Reprints,  c/o  The  YGS  Group, 
Greenfield  Corporate  Center, 
1808  Colonial  village  Lane. 
Lancaster,  Pa..  17601.  (800) 
290-5460,  Ext.  148.  Fax:  (717) 
399-8900.  Web  site:  www. 
reprintbuyer.com.  E-mail: 
computerworld@theygsgroup. 
com.  Requests  for  missing  issues 
will  be  honored  only  if  received 
within  60  days  of  issue  date. 
Subscription  rates:  <5  per  copy: 
Annual  subscription  rates:  - 
$129:  Canada  -  $129:  Central 
&  So.  America  -  $250;  Europe 
-  $295;  all  other  countries  - 
$295:  digital  subscription  -  $29. 
Subscriptions  call  toll-free  (888) 
559-7327.  POSTMASTER:  Send 
Form  3579  (Change  of  Address) 
to  Computerworld,  PO  Box  3500, 
Northbrook.  III.  60065-3500. 


COMPUTERWORLD.COM  31 


-  OPINION 


Sure  the  Cloud’s  Insecure; 
It’s  Like  Everything  Else 


Many 
programmers 
don’t  validate 
input  because, 
ley,  faster  is 
better,  right? 


Frank  Hayes 

has  been  covering 
the  intersection 
of  business  and  IT 
for  three  decades. 
Contact  him  at 
cw@frankhayes.com. 


WORRIED  ABOUT  SECURITY  IN  THE  CLOUD?  Fret  over  this  in¬ 
stead:  Last  month,  a  hacker  surfaced  who  claimed  he  can  sell 
access  to  more  than  a  dozen  government,  military  and  univer¬ 
sity  Web  sites  —  all  cracked  easily  because  of  bad  programming. 
Who  needs  the  cloud  for  lousy  security?  It’s  everywhere! 


Consider  whose  Web  sites  were  hacked  and 
offered  for  sale  to  thieves  for  less  than  $500 
each:  the  states  of  Michigan  and  Utah.  And  the 
South  Carolina  National  Guard.  And  government 
agencies  in  Italy  and  Albania.  And,  maybe  most 
disturbing  of  all,  the  U.S.  Army’s  Communica- 
tions-Electronics  Command,  which  does  software 
engineering  for  battlefield  systems.  These  guys 
really  should  be  getting  their  programming  right. 

Oh,  it  gets  worse.  The  hacker  almost  certainly 
hijacked  the  sites  by  using  a  pair  of  tricks  that 
have  been  around  seemingly  forever:  SQL  injec¬ 
tion  and  buffer  overflow.  Those  attacks  don’t 
require  an  expert  black  hat  —  just  a  script  kiddie 
with  some  time  to  kill. 

And  those  attacks  are  easy  to  prevent;  program¬ 
mers  just  have  to  set  things  up  so  that  the  system 
makes  sure  any  input  to  a  Web  site  is  valid.  If  a 
form  asks  for  a  name  and  the  input  turns  out  to  be  a 
snippet  of  SQL  code  or  5,000  binary  bytes,  it  should 
be  rejected  —  not  passed  on  to  a  back-end  database. 

But  validating  input  requires  a  little  extra  code 
that  slows  down  Web  servers  just  a  little  bit.  As  a 
result,  many  programmers  —  and  most  program¬ 
ming  tools  —  don’t  do  it  automatically  because, 
hey,  faster  is  better,  right? 

That’s  been  the  mantra  of  the  IT  industry  for  50 
years.  And  it’s  been  a  curse  to  almost  everything 
else  of  value  in  IT.  Security?  Reliability?  Flexibility? 
Maintainability?  They’ve  all  been  sacrificed  in  favor 
of  cheap  little  tricks  that  make  things  run  faster. 

That’s  not  a  coincidence.  It’s  a  philosophy  — 
one  that  infects  everyone  from  programmers  and 


network  admins  in  your  IT  shop  to  educators, 
software  and  hardware  vendors  and,  yes,  cloud 
vendors  too. 

After  all,  the  faster  the  servers  run  up  in  the 
cloud,  the  more  customers  the  cloud  vendor  can 
handle  at  the  same  cost.  When  your  profit  all 
turns  on  efficiency,  speed  is  money. 

Security?  That’s  expensive.  And  you  can  bet  it 
won’t  be  more  of  a  priority  to  a  cost-cutting  cloud 
vendor  —  whose  standard  contract  probably 
includes  an  uptime  guarantee  but  no  security¬ 
vetting  clause  —  than  it  ever  was  in  your  own 
data  center. 

You  can’t  change  that  “faster  tiber  alles”  philoso¬ 
phy.  So  if  you  want  security  in  the  cloud,  you’ll 
have  to  force  the  issue.  You’ll  have  to  get  some 
security  guarantees  written  into  your  contracts, 
including  provisions  that  allow  you  to  do  security 
testing  on  your  own  cloud-based  applications. 

Then  you’ll  have  to  reinvest  some  of  your 
savings  from  going  to  the  cloud  into  doing  that 
security  testing.  Hire  some  “ethical  hackers”  to 
hammer  on  your  cloud  applications,  trying  to 
break  them,  hijack  them  or  find  ways  inside  them. 
Then  keep  bringing  them  back  periodically  to 
hammer  away  again  —  remember,  the  cloud  is 
all  about  constantly  moving  applications  around. 
What’s  safe  today  may  be  insecure  next  month. 

Does  that  sound  over  the  top?  Maybe  —  but 
it’s  the  only  way  for  you  to  validate  security  in 
the  cloud. 

And  if  you  don’t  do  it,  you  can  be  pretty  sure 
that  sooner  or  later,  some  hacker  will  find  you.  ♦ 


32  COMPUTERWORLD 


FEBRUARY  7.  2011 


WHAT’S  the  BUSINESS  PROBLEM? 


PLAN  A 
PLAN  C 
3LAN  D 
PLAN  E 


- ' - — -  - - 9  N V 1  d  ON  - - - — - — 

the  QWEST  SOLUTION;  Whatever  the  world  throws  at  your  company,  a  solid 
business  continuity  plan  keeps  you  up  and  running.  From  Data  Circuit  Reroute  to 
Real  Time  Application  Recovery',  Qwest  business  continuity  solutions  help  you 
avoid  downtime  disasters.  Solve  more  problems  at  qwestsolutions.com. 


Solve  problems  on  the  go. 

Download  Qwandary  for  the  iPhone. 


BUSINESS 


Copyright  ©  2011  Qwest.  All  Rights  Reserved. 


who  can  turn  security  into 
“know”  instead  of  “no”? 


Saying  “no”  to  unauthorized  access  is  important. 
But  “know”  is  far  more  important. 


Content-Aware  Identity  and  Access  Management  from 
CA  Technologies  brings  the  power  of  “know”  to  IT 
environments— virtual,  physical  or  cloud— all  the  way 
down  to  the  data  level. 


i 


Identities.  Access.  Information.  Compliance. 

A  smarter,  more  secure  solution. 

That’s  the  power  of  know. 

To  put  the  power  of  know  to  work  for  you,  visit  www.security.com 


■k  « f  i  a  nan  + 


+ 


+ 


Copyright  ®<?011  CA.  All  rights  reserved. 


